Policies using Application Control

Hello!

My T40 came with some rules and I want to find out what their purpose is. It's about the "Application Control" feature:

The Application Control is enabled for outbound traffic of FTP from our trusted network as well as for outgoing traffic from our guest network. In both cases, the Application Control defines all Remote Access Terminal (e.g. TeamViewer, AnyDesk) software to drop their connections. All other software is allowed.

Now, what's the purpose of this special rule? I guess that using any Remote Access software on port 21 does not make much sense, amiright?

But why should I prevent any outbound traffic of users of the guest network?

Best regards,
Ham

Comments

  • Just to confirm, this was the result immediately after a Quick Setup Wizard run?

    By default, I would not expect a guest network to be defined without some firewall admin interaction.

  • james.carson Moderator, WatchGuard Representative

    The FTP rule is in place to allow passive mode FTP transactions. Without that rule they will not work. If you don't use FTP, it's fine to erase that policy.

    You can read about the default policies and actions here:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/installation/setup_wizard_defaults_c.html

    Some defaults can be set following the quick setup wizard depending on what checkboxes you enable during that process. If you'd like to change them, you're welcome to.

    -James Carson
    WatchGuard Customer Support

  • Q. why should I prevent any outbound traffic of users of the guest network?
    A. Some companies have Internet access policies which state the types of sites which should not be accessed, even by guests, which may include pornography, illegal sites, compromised sites (for the safety of the user), etc.
    Even without such a company policy, some admins choose to block access to sites such as the above for guests.

  • Thank you all for the comments!

    Can I do a Quick Setup run without tampering with the Firewall settings? Because it's in use already.

    Does someone know why the Remote Access software would be blocked?

  • Q. Can I do a Quick Setup run without tampering with the Firewall settings?
    A. I don't believe so - step 4 of the Quick Setup Wizard saves the basic configuration to the Firebox and to a local configuration file. One would want to look at the local configuration file to see what is there and not upload it to the firewall.

    From the link posted above:

    Global Application Control actions:

    Drop — Application — Crypto Admin
    Drop — Application Category — Bypass Proxies and Tunnels
    

    I don't see that this indicates that Remote Access software is blocked by default.
