https://community.hpe.com/t5/operating-system-hp-ux/firewall-rules/m-p/3602646#M557175 Steven<BR /><BR />I am not a firewall admin but working with one as I am deeply involved in a project which contains dual personality servers looking up at the internet as well as internal database servers. As you can imagine, it is very firewall heavy.<BR /><BR />Yes the adaptive tuning is the method but quite the other way than how you are thinking of tuning it the way we do it for this project. Especially complex projects and developers of these projects do not always know which ports they need open all the time. And when something is not working, asking them does not really help.<BR /><BR />So what we do is, we start implementation with a firewall ruleset which is wide open, i.e. a NATing passthru conduit. Then once our app is working as expected, the network guys attach a sniffer and listen to the traffic during acceptance testing. Then tighten down the firewall on the last week of acceptance testing and watch the user complaints very closely for the fine tuning.<BR /><BR />Just my 2 cents. Fri, 12 Aug 2005 08:21:58 GMT Mel Burslan 2005-08-12T08:21:58Z https://community.hpe.com/t5/operating-system-hp-ux/firewall-rules/m-p/3602645#M557174 Hi everyone<BR /><BR />Looking for any firewall admins out there. What is your default policy/theory when implementing rules. Can you point me in the direction of any official guidelines for a rule policy and why specific suggestions are made. <BR /><BR />My theory is to block everything then only allow access per port basis when requested<BR /><BR />Also,<BR /><BR />If you have a customer who has subnets open to specific hosts (any tcp/udp) what would be the best way to tighten this down without causing to much impact to the currently running services<BR /><BR />Any pointers/help appreciated<BR /><BR />Thanks in advance<BR /><BR />Steven Fri, 12 Aug 2005 08:09:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/firewall-rules/m-p/3602645#M557174 steven Burgess_2 2005-08-12T08:09:49Z https://community.hpe.com/t5/operating-system-hp-ux/firewall-rules/m-p/3602646#M557175 Steven<BR /><BR />I am not a firewall admin but working with one as I am deeply involved in a project which contains dual personality servers looking up at the internet as well as internal database servers. As you can imagine, it is very firewall heavy.<BR /><BR />Yes the adaptive tuning is the method but quite the other way than how you are thinking of tuning it the way we do it for this project. Especially complex projects and developers of these projects do not always know which ports they need open all the time. And when something is not working, asking them does not really help.<BR /><BR />So what we do is, we start implementation with a firewall ruleset which is wide open, i.e. a NATing passthru conduit. Then once our app is working as expected, the network guys attach a sniffer and listen to the traffic during acceptance testing. Then tighten down the firewall on the last week of acceptance testing and watch the user complaints very closely for the fine tuning.<BR /><BR />Just my 2 cents. Fri, 12 Aug 2005 08:21:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/firewall-rules/m-p/3602646#M557175 Mel Burslan 2005-08-12T08:21:58Z https://community.hpe.com/t5/operating-system-hp-ux/firewall-rules/m-p/3602647#M557176 sounds like a reasonable method, thanks Mel<BR /><BR />Steven Fri, 12 Aug 2005 08:25:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/firewall-rules/m-p/3602647#M557176 steven Burgess_2 2005-08-12T08:25:51Z