Jump to:navigation, search
Wiki

Implied rules

From Securepoint Wiki





notempty
Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!

notempty
Der Artikel für die neueste Version steht hier

notempty
Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Beta-Version bezieht








































































Implied rules of the UTM

Last adaptation to the version: 12.5.0

New:
notempty
This article refers to a Beta version
Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 → Firewall →Implied rules


Implied rules

Settings in menu → Firewall →Implied rules.
Implied rules have been added for certain use cases. These rules can be easily activated or deactivated by the user as needed. Some of these rules are already active by default.

notempty
The access zones are not relevant for these rules.
Group Rule Description Protocol Port Active
(default setting)
BlockChain Activates / deactivates the entire group On
FailToBan_ssh Access via ssh.Monitoring with Fail2Ban rules.
Configuration at → Applications →IDS / IPS
Wiki article 		TCP 22 On
FailToBan_http_admin Access via the Admin Interface. Monitoring with Fail2Ban rules.
Configuration at → Applications →IDS / IPS
Wiki article
Port changes possible at → Network →Appliance Settings
 TCP 11115* On
FailToBan_http_user Access via the User interface. Monitoring with Fail2Ban rules.
Configuration at → Applications →IDS / IPS
Wiki article
Port changes possible at → Network →Appliance Settings
 TCP 443* On
FailToBan_smtp Access via the Mailgateway. Monitoring with Fail2Ban rules.
Configuration at → Applications →IDS / IPS
Wiki article
Port changes possible at → Applications →MailrelayTab Smarthost
 TCP 25* On
CaptivePortal Enable redirection of traffic to a landingpage Off
CaptivePortalPage Opens an incoming port on the corresponding interface of the firewall that is intended for the captive portal to display the landingpage.
Port changes possible at → Applications →Captive PortalTab Advanced
 TCP 8085* Off
CaptivePortalRedirection Redirection of traffic to the above mentioned port. Off
IPComp IPComp Accepts connections with IPComp protocol (compression of data packets, IP protocol number 108) IPComp Off
IpsecTraffic Activates / deactivates the entire group Off
Accept Accepts incoming and outgoing traffic of an IPSec connection. On
No NAT for IPSec connections Takes all IPSec connections from the NAT
  • Changed default setting for new installations as of v12.5
    		•  On
    Silent Services Accept Bootp Accepts
    • Requests for the bootstrap protocol Bootp to transmit an IP address and possibly further parameters.
    • Requests for DHCP (extension of Bootp)
    		 UDP 67 On
    68
    Silent Services Drop NetBios Datagram Discards these packages without log message UDP 138 On
    NetBios Nameservice Discards these packages without log message UDP 137 On
    NetBios Session Service Discards these packages without log message UDP 139 On
    VPN IPSec IKE Accepts connections on port 500/UDP UDP 500 On
    IPSec ESP Accepts connections with the ESP protocol (50) ESP On
    IPSec NAT Traversal Accepts connections on port 4500/UDP UDP 4500 On
    SSL VPN UDP Accepts connections on ports for which an SSL VPN instance has been configured with the UDP protocol UDP 1194 On
    SSL VPN TCP Accepts connections on ports for which an SSL VPN instance has been configured with the TCP protocol TCP 1194 On
    User Interface Portal Accepts connections on port 443/TCP. Required for the user interface. TCP 443 Off
    Wireguard Enables connections with the Wireguard protocol.
    Port changes possible at → VPN →WireGuard Button edit connection
    		 UDP 51280* Off





    notempty
    This article refers to a version that is no longer current!

    notempty
    The article for the latest version is here

    notempty
    There is already a newer version of this article, but it refers to a Beter version












































    Rules

    Rules
    Active Group/Rule Description
    Dialogue: Implied Rules
    On GeoIP Activates the GeoIP settings for both sources and destinations.
    On IPGeoBlockingSrc Activates the GeoIP settings for rejected sources
    On IPGeoBlockingDst Activates the GeoIP settings for rejected destinations

    GeoIP settings

    GeoIP settings
    Caption Value Description
    Dialogue: GeoIP Settings
    System-wide dropped sources: BX (random example) In the click box, countries can be selected that are to be blocked as sources.
    New as of 12.4

    Group:    		 All Selection from preset groups, which selects e.g. all countries of a continent.
    + Add Adds the regions from the selected group
    - Remove Removes the regions from the selected group
    Exceptions (sources): IP address Exceptions for system-wide rejected sources can be defined here.
    System-wide dropped destinations: BX (random example) In the click box, countries can be selected that are to be blocked as targets.
    This prevents access via browsers as well as, for example, downloaded malicious code.
    Exceptions (destinations): IP address Exceptions for system-wide rejected destinations can be defined here.
    Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/RULE/Implizite_Regeln_v12.5.0&oldid=91462"