L4 – Network Security – Firewall Policies per Service
| ID | Name | Description | Action | Direction | Protocol | Src Ports | Dst Ports |
|---|---|---|---|---|---|---|---|
| 1 | IPSec IKE | | Allow (Stateful) | Incoming | UDP | | 500 |
| 2 | IPSec Authentication | | Allow (Stateful) | Incoming | Other | | |
| 3 | Domain Controller (TCP) | Allow incoming traffic to a Domain Controller | Allow (Stateful) | Incoming | TCP | | 119,135,139,389,445,464,500,563,593,636,1026,1067-1068,1723,3268-3269 |
| 4 | Domain Controller (UDP) | Allow incoming traffic to a Domain Controller | Allow | Incoming | UDP | | 88,137-138,389,500,1645-1646,1701,1723,1812-1813 |
| 5 | Web Server | Allow incoming TCP traffic to a Web Server | Allow (Stateful) | Incoming | TCP | | 80,443 |
| 6 | Remote Access SSH | Allow remote access to machines | Allow (Stateful) | Incoming | TCP | | 22 |
| 7 | Domain Client (TCP) | Allow incoming traffic from the domain controller | Allow (Stateful) | Incoming | TCP | 42,88,135,139,445,3268,3269 | |
| 8 | Domain Client (UDP) | Allow incoming traffic from the domain controller | Allow | Incoming | UDP | 53,88,137,138 | |
| 9 | SMTP Server | Allow incoming TCP traffic to an SMTP Server | Allow (Stateful) | Incoming | TCP | | 25 |
| 10 | IDENT | | Allow (Stateful) | Incoming | TCP | | 113 |
| 11 | DNS Server | Allow incoming DNS requests to a DNS server | Allow | Incoming | TCP/UDP | | 53 |
| 12 | ICMP Echo Request | Allow incoming Ping requests | Allow | Incoming | ICMP | | |
| 13 | Network Time Protocol | Allow Network Time Protocol traffic | Allow | Incoming | UDP | | 123 |
| 14 | Windows File Sharing | Allow file sharing traffic | Allow | Incoming | TCP/UDP | | 137,138,139,445 |
| 15 | Remote Access RDP | Allow remote access to machines | Allow (Stateful) | Incoming | TCP | | 3389 |
| 16 | POP3 Server | | Allow (Stateful) | Incoming | TCP | | 110 |
| 17 | IMAP Server | | Allow (Stateful) | Incoming | TCP | | 143,585,993 |
| 18 | Computer Associates Unicenter | | Allow (Stateful) | Incoming | TCP | | 4105 |
| 19 | Veritas | | Allow (Stateful) | Incoming | TCP | | 6101,10000,13701,13722,13782 |
| 20 | MySQL Server | | Allow | Incoming | TCP/UDP | | 3306 |
| 21 | WINS | | Allow | Incoming | TCP/UDP | | 1512 |
| 22 | WINS Registration | | Allow | Incoming | TCP/UDP | | 137 |
| 23 | WINS Replication | | Allow | Incoming | TCP/UDP | | 42 |
| 24 | Restricted Interface Exceptions – NetBIOS Name Service Incoming | | Allow | Incoming | UDP | 137 | 137 |
| 25 | Restricted Interface Exceptions – ARP Incoming | | Allow | Incoming | Any | | |
| 26 | Restricted Interface Enforcement | Log packets blocked due to Restricted Interface Enforcement policy | Deny (Log) | Outgoing/Both | Any | | |
| 27 | Off Domain Exceptions – Domain Client (TCP) | | Allow | Outgoing/Both | TCP | | 42,88,135,139,445,3268,3269 |
| 28 | Off Domain Exceptions – ARP | | Allow | Outgoing/Both | Any | | |
| 29 | Off Domain Exceptions – DNS | | Allow | Outgoing/Both | TCP/UDP | | 53 |
| 30 | Remote Domain Exceptions | When remotely connected to the domain, only corporate traffic is allowed | Allow | Outgoing/Both | TCP/UDP | | |
| 31 | Remote Domain Enforcement (Split Tunnel) | Log packets blocked due to Remote Domain Enforcement policy | Deny (Log) | Outgoing/Both | TCP/UDP | | |
| 32 | Off Domain Enforcement | Log packets blocked due to Off Domain Enforcement policy | Deny (Log) | Outgoing/Both | Any | | |
| 33 | Allow PPPoE Discovery | | Allow (Stateful) | Incoming | Any | | |
| 34 | Allow PPPoE Session | | Allow (Stateful) | Incoming | Any | | |
| 35 | Off Domain Exceptions – HTTP(S) | | Allow | Outgoing/Both | TCP | | 80,443 |
| 36 | Off Domain Exceptions – ICMP Echo Request | | Allow | Outgoing/Both | ICMP | | |
| 37 | Off Domain Exceptions – IPSec Encryption | | Allow | Outgoing/Both | Other | | |
| 38 | Off Domain Exceptions – VPN Tunnel | | Allow | Outgoing/Both | TCP/UDP | | 443,500,1723 |
| 39 | Off Domain Exceptions – Wireless Authentication | | Allow | Outgoing/Both | Any | | |
| 40 | Remote Domain Exceptions – ARP | | Allow | Outgoing/Both | Any | | |
| 41 | Remote Domain Exceptions – DNS | | Allow | Outgoing/Both | TCP/UDP | | 53 |
| 42 | Remote Domain Exceptions – GRE | | Allow | Outgoing/Both | Other | | |
| 43 | Remote Domain Exceptions – ICMP Echo Request | | Allow | Outgoing/Both | ICMP | | |
| 44 | Remote Domain Exceptions – IPSec Encryption | | Allow | Outgoing/Both | Other | | |
| 45 | Remote Domain Exceptions – VPN Tunnel | | Allow | Outgoing/Both | TCP/UDP | | 443,500,1723 |
| 46 | Restricted Interface Exceptions – ARP Outgoing | | Allow | Outgoing/Both | Any | | |
| 47 | Restricted Interface Exceptions – DHCP Client Incoming | | Allow | Incoming | UDP | 67 | |
| 48 | Restricted Interface Exceptions – DHCP Client Outgoing | | Allow | Outgoing/Both | UDP | 68 | |
| 49 | Restricted Interface Exceptions – Wireless Authentication Incoming | | Allow | Incoming | Any | | |
| 50 | Restricted Interface Exceptions – Wireless Authentication Outgoing | | Allow | Outgoing/Both | Any | | |
| 51 | Restricted Interface Exceptions – NetBIOS Name Service Outgoing | | Allow | Outgoing/Both | UDP | 137 | 137 |
| 52 | Deep Security Agent | Allow incoming traffic to Deep Security Agent | Allow (Stateful) | Incoming | TCP | | 4118 |
| 53 | VMware vCenter Server | Allow incoming traffic to VMware vCenter Server | Allow (Stateful) | Incoming | TCP/UDP | | 25,53,80,161,162,389,443,445,623,636,902,903,1024,1433,1521,5989,6500,6501,6502,8080,8095,8096,8443,9087,9443,10109,10111,10443,18443,27000,27010,31000,52267,57348,60099 |
| 54 | Allow ICMP fragmentation packet (type 3, code 4) | | Allow | Incoming | ICMP | | |
| 55 | ARP | Allow incoming ARP traffic | Allow | Incoming | Any | | |
| 56 | Allow ICMP type 3 code 4 | This ICMP packet ("fragmentation needed") is used for path MTU discovery | Allow | Incoming | ICMP | | |
| 57 | Allow solicited TCP/UDP replies | UDP stateful and TCP stateful must be enabled | Allow (Stateful) | Incoming | TCP/UDP | | |
| 58 | Allow solicited ICMP replies | ICMP stateful must be enabled | Allow (Stateful) | Incoming | ICMP | | |
| 59 | DHCP Client | Allow DHCP Offer traffic to a DHCP Client | Allow | Incoming | UDP | 67 | 68 |
| 60 | Deny Internal IP Ranges | Ingress filter to deny incoming spoofed packets | Deny (Log) | Incoming | Any | | |
| 61 | NetBIOS Name Service | For hosts that rely on NetBIOS for name resolution | Allow | Incoming | UDP | 137 | 137 |
| 62 | DHCP Server | Allow incoming DHCP requests to a DHCP server | Allow | Incoming | UDP | 68 | 67 |
| 63 | Wireless Authentication | Allow wireless authentication traffic | Allow | Incoming | Any | | |
| 64 | FTP Server | Allow incoming traffic to an FTP Server | Allow (Stateful) | Incoming | TCP | | 20,21 |
| 65 | Microsoft SQL Server | Allow incoming traffic to a Microsoft SQL Server | Allow | Incoming | TCP/UDP | | 1433,1434 |
| 66 | Oracle SQL Server | Allow incoming traffic to an Oracle SQL Server | Allow | Incoming | TCP/UDP | | 1521,5560 |
| 67 | Deep Security Manager | Allow incoming traffic to Deep Security Manager | Allow (Stateful) | Incoming | TCP | | 4119,4120 |
| 68 | Microsoft Exchange Server | Allow incoming traffic to a Microsoft Exchange Server | Allow (Stateful) | Incoming | TCP | | 25,80,102,110,119,135,143,379,443,563,691,993,995 |
| 69 | IPSec Encryption | | Allow (Stateful) | Incoming | Other | | |
| 70 | Generic Routing Encapsulation | | Allow (Stateful) | Incoming | Other | | |
| 71 | Off Domain Exceptions – DHCP Client | | Allow | Outgoing/Both | UDP | 68 | |
| 72 | Off Domain Exceptions – Domain Client (UDP) | | Allow | Outgoing/Both | UDP | | 42,88,135,139,445,3268,3269 |
| 73 | Off Domain Exceptions – GRE | | Allow | Outgoing/Both | Other | | |
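
A table like the one above is only as safe as the weakest allow rule in it, and the properties worth checking are mechanical: an incoming allow on protocol `Any` admits everything, an incoming TCP/UDP allow without stateful tracking accepts unsolicited packets, and a rule that matches only on the *source* port is bypassable because any sender can choose its source port. The following linter is an added example (not code from the page or from Deep Security) that parses a handful of rows copied from the table in the eight-column order shown and applies those checks. The finding codes, the `ADMIN_PORTS` set, and the decision to treat a non-stateful source-port-only rule as bypassable are this example's own assumptions.

```python
"""Lint a per-service firewall rule table of the kind shown above.

Added example, not part of the original page or of Deep Security.
The sample rows are copied from the table; the check names and the
'bypassable source-port-only rule' heuristic are assumptions of
this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed sample: seven rows from the table, in the column order
# ID | Name | Description | Action | Direction | Protocol | Src Ports | Dst Ports.
SAMPLE_TABLE = """\
| 5 | Web Server | Allow incoming TCP traffic to a Web Server | Allow (Stateful) | Incoming | TCP | | 80,443 |
| 8 | Domain Client (UDP) | Allow incoming traffic from the domain controller | Allow | Incoming | UDP | 53,88,137,138 | |
| 14 | Windows File Sharing | Allow file sharing traffic | Allow | Incoming | TCP/UDP | | 137,138,139,445 |
| 15 | Remote Access RDP | Allow remote access to machines | Allow (Stateful) | Incoming | TCP | | 3389 |
| 55 | ARP | Allow incoming ARP traffic | Allow | Incoming | Any | | |
| 59 | DHCP Client | Allow DHCP Offer traffic to a DHCP Client | Allow | Incoming | UDP | 67 | 68 |
| 60 | Deny Internal IP Ranges | Ingress filter to deny incoming spoofed packets | Deny (Log) | Incoming | Any | | |
"""

# Assumed list of ports whose exposure deserves a second look.
ADMIN_PORTS = {22, 23, 135, 139, 445, 1433, 1434, 3306, 3389, 5985, 5986}


@dataclass
class Rule:
    rule_id: int
    name: str
    description: str
    action: str
    direction: str
    protocol: str
    src_ports: set[int] = field(default_factory=set)  # empty = any port
    dst_ports: set[int] = field(default_factory=set)  # empty = any port

    @property
    def is_allow(self) -> bool:
        return self.action.startswith("Allow")

    @property
    def is_stateful(self) -> bool:
        return "Stateful" in self.action


def expand_ports(spec: str) -> set[int]:
    """'88,1067-1068' -> {88, 1067, 1068}; blank -> empty set (= any port)."""
    ports: set[int] = set()
    for item in spec.replace(" ", "").split(","):
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not (0 < lo_i <= hi_i <= 65535):
            raise ValueError(f"bad port spec {item!r}")
        ports.update(range(lo_i, hi_i + 1))
    return ports


def parse_rule(line: str) -> Rule:
    """Parse one markdown table row with the eight columns above."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 8:
        raise ValueError(f"expected 8 cells, got {len(cells)}: {line!r}")
    rid, name, desc, action, direction, proto, src, dst = cells
    return Rule(int(rid), name, desc, action, direction, proto,
                expand_ports(src), expand_ports(dst))


def parse_table(text: str) -> list[Rule]:
    return [parse_rule(ln) for ln in text.splitlines() if ln.strip()]


def lint_rule(rule: Rule) -> list[str]:
    """Return finding codes for one rule (empty list = nothing to flag)."""
    findings: list[str] = []
    if not rule.is_allow or rule.direction != "Incoming":
        return findings
    # An allow on protocol 'Any' matches every frame, not only ARP.
    if rule.protocol == "Any":
        findings.append("allow-any-protocol")
    # Non-stateful TCP/UDP allows accept unsolicited packets, including
    # segments that never completed a handshake; fine only for true servers.
    if rule.protocol in ("TCP", "UDP", "TCP/UDP") and not rule.is_stateful:
        findings.append("allow-not-stateful")
    # Matching only on the source port is bypassable: a sender can pick
    # source port 53 or 88 and reach every destination port on the host.
    if rule.src_ports and not rule.dst_ports and not rule.is_stateful:
        findings.append("source-port-only")
    if rule.dst_ports & ADMIN_PORTS:
        findings.append("exposes-admin-port")
    return findings


def lint_table(text: str) -> dict[str, list[str]]:
    """Map each rule name to its list of finding codes."""
    return {r.name: lint_rule(r) for r in parse_table(text)}


if __name__ == "__main__":
    for name, findings in lint_table(SAMPLE_TABLE).items():
        print(f"{name:24s} {', '.join(findings) or 'ok'}")
```

Run as-is, the script reports `Domain Client (UDP)` as both non-stateful and source-port-only, `Windows File Sharing` as non-stateful and exposing 139/445, and `ARP` as an any-protocol allow; `Web Server` and the deny rule come back clean. The findings are prompts for review rather than verdicts: the DHCP Client rule is flagged as non-stateful, which is correct but unavoidable for a broadcast offer, so the fix there is to bind the rule to the DHCP interface rather than to add state.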