Firewall Policy - To Block all but VPN - Should a Cyber incident occur
Hi,
I am wondering if there is any built-in policy within the WatchGuards that denies all but WatchGuard VPN. I am trying to get my head around how, if we had a cyber incident, we would be able to let the cyber experts in whilst blocking out the possible hackers.
If it happened, what I wouldn't want to have to be doing is wasting time configuring policies. I would much rather have a policy sitting disabled that all I would have to do is enable, which would block all internet traffic apart from WatchGuard VPN.
Hope I am making sense?
Thanks
Ryan
Comments
Please define what you mean by "Watchguard VPN".
Is this a client VPN connection from someone at Watchguard?
Other than IPSec, I am not aware of any incoming access being allowed other than that allowed by policies that you have set up.
You can turn off the hidden built-in IPSec policy and add custom IPSec policies, as needed.
The setting for that is in the VPN -> VPN settings in WSM Policy Manager, and in VPN -> Global Settings in the Web UI.
See this:
About Global VPN Settings
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/global_vpn_settings_about_c.html
Hi Ryan,
Making a policy to deny all outbound traffic is pretty straightforward. VPN traffic will generally be inbound, so as long as you configure that policy to be outbound, it should allow VPN access.
It is important to keep in mind that policy changes only affect new connections, so existing connections will continue even if a new policy is created to deny that traffic. You'd need to go into HostWatch (WSM) or FireWatch (Web UI/WG Cloud) to remove the existing connections, or reboot the firewall to force everything to make a new connection.
-James Carson
WatchGuard Customer Support
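The two points made in this thread (a pre-staged "deny everything except VPN" ruleset that can be switched on in one step, and the need to clear existing connections because a new policy only affects new flows) are illustrated below on a Linux gateway using nftables. This is an added example, not WatchGuard code and not the Fireware policy format; it assumes the WAN interface is eth0 and that the responders come in over IPsec (IKE on UDP 500/4500 plus ESP) or a TLS VPN on TCP 443. Adjust those assumptions to the VPN you actually use.

```shell
#!/bin/sh
# Added example: an incident "lockdown" ruleset for a Linux gateway,
# standing in for the disabled-but-ready WatchGuard policy discussed above.
# Assumptions (not from the thread): WAN interface eth0, IPsec responder
# VPN (UDP 500/4500 + ESP) and a TLS VPN on TCP 443. Not WatchGuard code.

WAN_IF="${WAN_IF:-eth0}"

# Print the lockdown ruleset. Keeping it in a function means it can be
# reviewed without root and applied atomically when the incident happens.
# 'flush ruleset' deliberately replaces the whole running ruleset: this is
# the "one switch" behaviour the original poster asked for.
lockdown_ruleset() {
    cat <<EOF
flush ruleset
table inet lockdown {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # IKE and NAT-T for IPsec, plus ESP itself
        iif "$WAN_IF" udp dport { 500, 4500 } accept
        iif "$WAN_IF" meta l4proto esp accept
        # TLS VPN for the responders
        iif "$WAN_IF" tcp dport 443 accept
        # Everything else arriving from the WAN is logged and dropped
        iif "$WAN_IF" log prefix "lockdown-drop: " drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
    }
    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oif lo accept
        oif "$WAN_IF" udp dport { 500, 4500 } accept
        oif "$WAN_IF" meta l4proto esp accept
        oif "$WAN_IF" tcp dport 443 accept
    }
}
EOF
}

# Number of accept rules in the ruleset; useful as a sanity check that
# nobody has quietly widened the lockdown since it was last reviewed.
count_accept_rules() {
    lockdown_ruleset | grep -c ' accept$'
}

# Load the ruleset and then flush the connection-tracking table. The flush
# is the equivalent of clearing sessions in HostWatch/FireWatch: without it,
# flows that were already established keep matching the
# 'established,related' rules and survive the policy change.
apply_lockdown() {
    lockdown_ruleset | nft -f -
    conntrack -F 2>/dev/null || true
}

# Default action is to print the ruleset for review; pass --apply to enforce it.
if [ "${1:-}" = "--apply" ]; then
    apply_lockdown
else
    lockdown_ruleset
fi
```

Run it without arguments to review the generated policy, and with `--apply` (as root, with `nft` and `conntrack` installed) to enforce it. Keep a second, equally pre-staged ruleset for restoring normal operation, since `flush ruleset` discards whatever was running before.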