Security Focused? - many ports closed, responds to ping?

Comments

5 comments

  • Firewalla

    I assume you are talking about the Gold;

    The WAN ping problem is a bug that will be fixed in 1.971, which is coming up very soon. It will be off until you turn it on. As for other ports, the Gold has a default ingress firewall; you can see that by tapping on the rules button. The ingress firewall by default will block all traffic coming in.

  • Samuel Simpson

    Correct assumption for the Gold device. I must have edited after your quick reply.

    Is the default rule "Block Traffic from Internet", enabled on all devices, the rule you mean? I guess I would have expected the results of the scanner to show everything in a stealth mode, but maybe that is my novice view thinking.

  • Firewalla

    Tap on rules, tap on "all devices", and you will see two sets:

    1. Block Traffic from the Internet. This is the rule that's the "ingress firewall". This is stateful.

    2. Active Protect Rules. These are rules that automatically block, both in and out, sites that are bad by default.

    Scanners have different ways of presenting things. As for GRC, we absolutely have no idea how it is doing the scan, and that site itself is definitely not a good example of a clean design.

  • James Willhoite

    I agree. I use GRC to test open ports and I have an image of a strange scan. But the post won't let me attach an image. My Gold has been doing a great job of blocking bad IP addresses. I have 93 blocked in just 4 days. It is strange that it responds to ping requests; the firewall we have at work will actively block you if you ping the box more than once. I accidentally blocked myself running some tests.

    I can send you my screen shot if you want to see.

  • Chris Thomas

    I agree that by default Firewalla Gold should not respond to ping, and it should silently drop traffic on the outside interface(s). Internally, I generally use Reject so that I get the error immediately and know that it's likely a firewall problem vs. something else.

    Personally I leave ping open on the outside interface so that I can monitor my network connection externally, but I have it geoblocked to US.

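The two ideas raised in this thread, a stateful ingress policy that blocks unsolicited inbound traffic and the choice between silently dropping on the WAN side versus rejecting on the LAN side, can be written out as a small nftables ruleset. This is an added illustration, not Firewalla's own configuration or code; the interface names wan0 and lan0 are assumptions, and the Gold's actual rule set and defaults are whatever the app shows under rules.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not Firewalla's): stateful default-deny ingress.
# Interface names "wan0" and "lan0" are assumptions for this example.
flush ruleset

table inet filter {
    chain input {
        # Anything not explicitly accepted below is dropped silently.
        type filter hook input priority 0; policy drop;

        # Local traffic and replies to connections this host already opened
        # (this is what "stateful" means: the first packet out opens state,
        # and only matching replies are let back in).
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # WAN side: drop echo requests so an external scanner sees no
        # response ("stealth") rather than a closed port or a ping reply.
        # Change these two lines to "accept" if you want to monitor the
        # link externally, at the cost of answering every probe.
        iif "wan0" icmp type echo-request drop
        iif "wan0" icmpv6 type echo-request drop

        # LAN side: reject instead of drop so internal hosts get an
        # immediate error and a misconfiguration is obvious, not a timeout.
        iif "lan0" reject with icmpx type admin-prohibited
    }

    chain forward {
        # Same stateful pattern for traffic routed through the box:
        # LAN hosts may initiate outbound, only replies come back in.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iif "lan0" oif "wan0" accept
    }
}
```

Load it with `nft -f <file>` and list the live rules with `nft list ruleset`. Because the WAN chain ends in `policy drop`, the explicit `echo-request drop` lines are technically redundant; they are there to make the drop-versus-reject decision visible in one place. A port scanner probing an interface governed by this chain gets no SYN/ACK, no RST and no ICMP error, which is the "stealth" result the original poster expected to see.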
