Best practices for Firewall policy settings

Article:HOWTO55279  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55279
Article Type
How To

Table: Firewall policy best practices describes scenarios and best-practice recommendations.

Table: Firewall policy best practices

Scenario: Remote location where users log on without a VPN

Recommendation: The following settings are recommended as best practice for the Firewall policy:

  • Assign the strictest security policies to clients that log on remotely without using a VPN.

  • Enable NetBIOS protection.

    Note:

    Do not enable NetBIOS protection for the location where a remote client is logged on to the corporate network through a VPN. This rule is appropriate only when remote clients are connected to the Internet, not to the corporate network.

  • To increase security, also block all local TCP traffic on the NetBIOS ports 135, 139, and 445.

Scenario: Remote location where users log on through a VPN

Recommendation: The following settings are recommended as best practice for the Firewall policy:

  • Leave all the rules that block traffic on all adapters as they are. Do not change those rules.

  • Leave the rule that allows VPN traffic on all adapters as it is. Do not change that rule.

  • For all rules that use the action Allow, change the Adapter column from All Adapters to the name of the VPN adapter that you use.

  • Enable the rule that blocks all other traffic.

    Note:

    You must make all of these changes to avoid the possibility of split tunneling through the VPN.

Scenario: Office locations where users log on through Ethernet or wireless connections

Recommendation: Use your default Firewall policy. For the wireless connection, ensure that the rule to allow wireless EAPOL is enabled. 802.1x uses the Extensible Authentication Protocol over LAN (EAPOL) for connection authentication.
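The following is an added example, not code from Symantec or from the product: a small first-match model of the rule rows in the table, used to check that the VPN-location changes (Allow rules moved to the VPN adapter, block-all-other enabled) actually close the split-tunnel path, and that the NetBIOS block in the no-VPN location takes effect. Top-down rule order, the implicit allow when nothing matches, the adapter names "vpn0" and "wlan0" and the VPN ports 500/4500 are all assumptions.

```python
# Added example, not Symantec's code: models the Firewall policy rows above as a
# first-match rule list. Top-down order, implicit allow when nothing matches, the
# adapter names "vpn0"/"wlan0" and the VPN ports are all assumptions.
from dataclasses import dataclass

NETBIOS_TCP_PORTS = frozenset({135, 139, 445})

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    adapter: str = "all"             # "all" or one adapter name
    proto: str = "any"               # "tcp", "udp" or "any"
    ports: frozenset = frozenset()   # empty = any port
    enabled: bool = True

def evaluate(rules, adapter, proto, port):
    """Action of the first enabled rule that matches; 'allow' if none does."""
    for r in rules:
        if (r.enabled and r.adapter in ("all", adapter)
                and r.proto in ("any", proto)
                and (not r.ports or port in r.ports)):
            return r.action
    return "allow"

def vpn_location_rules(hardened):
    """'Log on through a VPN' location. hardened=False: Allow rules still on
    All Adapters, block-all-other disabled. hardened=True: the four changes
    from the table applied."""
    allow_on = "vpn0" if hardened else "all"
    return [
        # the "allow VPN traffic" row stays on all adapters (IKE/IPsec ports assumed)
        Rule("Allow VPN", "allow", "all", "udp", frozenset({500, 4500})),
        Rule("Allow web", "allow", allow_on, "tcp", frozenset({80, 443})),
        Rule("Allow DNS", "allow", allow_on, "udp", frozenset({53})),
        Rule("Block all other traffic", "block", enabled=hardened),
    ]

def remote_no_vpn_rules():
    """'Remote without VPN' location: NetBIOS TCP ports blocked on every
    adapter before any Allow rule can match."""
    return [
        Rule("Block NetBIOS TCP", "block", "all", "tcp", NETBIOS_TCP_PORTS),
        Rule("Allow web", "allow", "all", "tcp", frozenset({80, 443})),
        Rule("Block all other traffic", "block"),
    ]

def split_tunnel_possible(rules):
    """True if web traffic can leave on the physical adapter, bypassing the VPN."""
    return evaluate(rules, "wlan0", "tcp", 443) == "allow"
```

With only the Allow rows moved to the VPN adapter but the block-all-other rule still disabled, the fall-through allow keeps the split-tunnel path open, which is why the table insists on all four changes together.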

See Creating a firewall policy

See Automatically allowing communications for essential network services
