Project

General

Profile

Actions

Feature #6776

open

Allow disabling of "filter rule association" by default

Added by Michael Newton about 5 years ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
09/07/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

This setting is inherently insecure, as it opens a hole in your firewall for the world to get into. Fine for public-facing servers or home users, but not so great when you need remote access from a limited number of IP addresses. Of course it can be disabled when the rule is created, but it's easy to overlook.

I would like to see the ability to set a system-wide default, similar to the "NAT reflection" setting above it, so that this can be globally disabled for those who want to maintain some semblance of security over their WAN port.

Actions #1

Updated by Jim Pingle about 2 years ago

  • Category set to Rules / NAT
Actions #2

Updated by Keenton IT 2 months ago

Hi,

Note that this setting revert back to "Add associated filter rule" also when you clone an existing NAT Rule set to "None". This is mostly insecure if you forget this detail.

Bye !

Actions #3

Updated by Viktor Gurov 2 months ago

Keenton IT wrote in #note-2:

Hi,

Note that this setting revert back to "Add associated filter rule" also when you clone an existing NAT Rule set to "None". This is mostly insecure if you forget this detail.

Bye !

see #12272

Actions

Also available in: Atom PDF