Firewall Rules... to Deny or Allow that is the question

I'm a bit unsure how to create a rule using the firewall. Do I add the services I want to allow to the list and then Deny, or the opposite way?

See the pics of how I've configured the rules.

Thomas Fields


Posted 5 years ago

Thomas Fields

Can I create a rule for just the three that I want to DENY (bottom 3) and PERMIT (default action) the others?
Andrew MacTaggart, Champ

Good question.

From my experience with Cisco, ACLs are usually evaluated from top to bottom, going from more granular to more general, usually with an implicit deny at the end.

From Aerohive help:
To add another rule (you can add up to 1024), click New, define the parameters as described above, and then click Apply. Each rule you add appears in the table below the previous rule. The branch router evaluates active firewall policy rules from top to bottom for a match. When it finds one, it either permits or denies the traffic and optionally logs the event. As you can see, the position of a rule within a policy is very important. If more than one rule in a policy matches the source or destination, the router applies the rule that is higher in the list because that is the first match it finds. To move a rule within the list, simply drag it to a new position.

When rearranging rules, keep in mind that the router checks rules in order from the top of the list until it finds a match, so avoid placing a rule in a position that occludes (or "shadows") another rule lower in the list.

After defining and ordering the rules in your policy, the final rule to set is the default rule. It determines what to do to all traffic to which the other rules do not apply. You can select either Permit all or Deny all. Finally, like the other rules, you can enable or disable logging for the default rule.

When you add a new rule, if you want it to override all other rules, select the box next to Add a new policy rule on top.
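The first-match evaluation and the shadowing problem described in the help text, as an added example that is not part of the original thread or of any Aerohive code. It models the asker's layout (three explicit deny rules, default Permit all) with constructed rule names and addresses, and shows what happens when a broad "permit all" rule is dropped on top of those denies:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "permit" or "deny"
    src: str         # CIDR or "any"
    dst: str         # CIDR or "any"
    service: str     # e.g. "tcp/23", or "any"

def _matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec)

def _net_covers(outer: str, inner: str) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner).subnet_of(ip_network(outer))

def _svc_covers(outer: str, inner: str) -> bool:
    return outer == "any" or outer == inner

def evaluate(rules, default_action, src, dst, service):
    """Top-to-bottom first match wins; the default rule catches the rest."""
    for rule in rules:
        if (_matches(rule.src, src) and _matches(rule.dst, dst)
                and rule.service in ("any", service)):
            return rule.action, rule.name
    return default_action, "default"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them entirely."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_net_covers(earlier.src, later.src) and _net_covers(earlier.dst, later.dst)
                    and _svc_covers(earlier.service, later.service)):
                hidden.append(later.name)
                break
    return hidden

# Constructed policy: explicit denies at the bottom, everything else permitted by default.
POLICY = [
    Rule("deny-telnet", "deny", "any", "any", "tcp/23"),
    Rule("deny-guest-to-lan", "deny", "192.168.50.0/24", "10.0.0.0/8", "any"),
    Rule("deny-smb", "deny", "any", "any", "tcp/445"),
]
DEFAULT = "permit"
# Same policy with a catch-all permit added "on top": every deny below it is shadowed.
MISORDERED = [Rule("permit-all", "permit", "any", "any", "any")] + POLICY

if __name__ == "__main__":
    print(evaluate(POLICY, DEFAULT, "192.168.50.10", "10.1.2.3", "tcp/80"))
    print("shadowed in misordered policy:", shadowed(MISORDERED))
```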