pmateus Lv2Posted 07 May 2024 16:40
  
Hi,
- "permit any any" explicitly allows all traffic to pass through the firewall without restriction. This means that any traffic originating from any source and destined to any destination is permitted.

- "deny any any" explicitly denies all traffic, meaning no traffic is allowed to pass through the firewall.

Thanks.
Newbie290036 Lv4Posted 07 May 2024 23:11
  

In NGAF (Next-Generation Application Firewall) 8.0.47, the implicit policy typically defaults to "deny any any" on the firewall. This means that by default, all inbound and outbound traffic is denied unless explicitly permitted by configured firewall rules. This approach follows the principle of least privilege, enhancing security by blocking all traffic by default and requiring administrators to define specific rules to allow traffic based on source, destination, port, protocol, and other criteria. This default deny policy helps to prevent unauthorized access, reduce the attack surface, and mitigate potential security risks. Administrators can then carefully craft firewall rules to control traffic flow according to organizational security policies and requirements, ensuring that only legitimate and authorized traffic is allowed while unauthorized or potentially malicious traffic is blocked.
mdamores Lv3Posted 08 May 2024 09:22
  
Hi,

For NGAF 8.0.47, by default, if no explicit "permit any any" or "deny any any" policy defined, the implicit policy is considered to be "deny all" which means that any traffic that doesn't match a specific rule allowing it will be blocked. Having "deny all" policy configured  is very secure but it also means you'll need to define rules manually for all the traffic you want to allow which is very time-consuming to set up and administer
Tayyab0101 Lv2Posted 08 May 2024 17:32
  
it is to block all kind of un wanted traffic.
Rotring Lv2Posted 09 May 2024 11:16
  
Security Best Practices: By design, firewalls shouldn't have an implicit "permit any any" policy. This would allow all traffic through the firewall, defeating its purpose of controlling network access.
Default Configuration: Most firewalls, including NGAF, likely have a default policy that's more restrictive, possibly "deny any any" by default. This ensures only authorized traffic can pass through.
However, there are some factors to consider:

Your Specific Configuration: The actual policy on your NGAF device depends on how you or your IT department have configured it. It might involve custom rules that override the default settings.
Management Interface Access: Firewalls often have a separate management interface for configuration purposes. This interface might have a less restrictive policy to allow for initial setup or troubleshooting, but it shouldn't be the default for general network traffic.
Here's how to find the actual policy on your NGAF device:

Consult NGAF Documentation: Refer to the documentation or online resources for your specific NGAF model and version (8.0.47). This documentation should explain how to view or manage firewall policies.
Access Management Console: The NGAF management console likely has a section for viewing and managing firewall rules. Look for options related to "default policy," "implicit rules," or "firewall settings."
If you're unsure about the configuration or don't have access to the management console, it's best to consult your IT department. They can provide details about the specific firewall policy in place for your NGAF device.

Here's an important takeaway:

Avoid "permit any any": Having a "permit any any" policy on a production firewall is a major security risk and should be avoided at all costs. Firewalls are meant to control and restrict traffic, not allow everything through.
jerome_itable Lv3Posted 09 May 2024 13:02
  
The implicit policy for Sangfor NGAF 8.
0.47 firewall is "deny any any". This means by default, the firewall will block all incoming and outgoing traffic unless a specific rule is created to allow it.
tramsevans Lv1Posted 13 May 2024 12:04
  
This "permit any any" means that there are specific rules that allows certain types of traffic to pass through from firewall and all inbound and outbound traffic will be block. This helps enhance security by requiring admin to define what allowing traffic and what is not it is to reduce the risk of unwanted or unauthorized access or malicious activity.

The "deny any any" is my by default to explicit firewall rules. this means all packets from inbound and outbound is denied unless there are rules configured that allows the traffic.

I Can Help:

Change

Moderator on This Board

11
6
5

Started Topics

Followers

Follow

1
2
5

Started Topics

Followers

Follow

0
3
4

Started Topics

Followers

Follow

67
20
3

Started Topics

Followers

Follow

3
10
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders