Firewall Rules
08-12-2005 01:09 AM
Hi everyone
Looking for any firewall admins out there. What is your default policy/theory when implementing rules? Can you point me in the direction of any official guidelines for a rule policy and why specific suggestions are made?
My theory is to block everything, then only allow access on a per-port basis when requested.
Also,
If you have a customer who has subnets open to specific hosts (any tcp/udp), what would be the best way to tighten this down without causing too much impact to the currently running services?
Any pointers/help appreciated
Thanks in advance
Steven
take your time and think things through
08-12-2005 01:21 AM
Solution
Steven
I am not a firewall admin, but I am working with one, as I am deeply involved in a project which contains dual personality servers looking up at the internet as well as internal database servers. As you can imagine, it is very firewall heavy.
Yes, the adaptive tuning is the method, but quite the other way than how you are thinking of tuning it, the way we do it for this project. Especially complex projects and developers of these projects do not always know which ports they need open all the time. And when something is not working, asking them does not really help.
So what we do is, we start implementation with a firewall ruleset which is wide open, i.e. a NATing passthru conduit. Then once our app is working as expected, the network guys attach a sniffer and listen to the traffic during acceptance testing. Then tighten down the firewall on the last week of acceptance testing and watch the user complaints very closely for the fine tuning.
Just my 2 cents.
________________________________
UNIX because I majored in cryptology...
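The capture-then-tighten workflow described in the answer above, as an added example that is not part of the original posts: it takes the existing broad "subnet to host, any TCP/UDP" rules and the connection initiations recorded during acceptance testing, and proposes per-port allow rules to replace them. The rule list, the flow records and the function name `propose_rules` are constructed for illustration and assume the sniffer output has already been reduced to (source, destination, protocol, destination port) tuples.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: existing broad rules (source subnet -> host, any TCP/UDP).
BROAD_RULES = [
    ("10.1.0.0/24", "192.168.5.10"),
    ("10.2.0.0/24", "192.168.5.20"),
    ("10.3.0.0/24", "192.168.5.30"),
]

# Constructed sample: connection initiations seen by the sniffer,
# as (source IP, destination IP, protocol, destination port).
OBSERVED_FLOWS = [
    ("10.1.0.15", "192.168.5.10", "tcp", 1521),
    ("10.1.0.22", "192.168.5.10", "tcp", 1521),
    ("10.1.0.15", "192.168.5.10", "tcp", 22),
    ("10.2.0.7", "192.168.5.20", "udp", 514),
    ("10.9.0.4", "192.168.5.20", "tcp", 80),  # covered by no broad rule
]


def propose_rules(broad_rules, flows):
    """Return (narrowed allow rules, idle broad rules, flows matching no rule)."""
    parsed = [(ipaddress.ip_network(s), ipaddress.ip_address(d), (s, d))
              for s, d in broad_rules]
    used = defaultdict(set)   # broad rule -> {(proto, port)} actually observed
    unmatched = []
    for src, dst, proto, port in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        hits = [key for net, host, key in parsed
                if src_ip in net and dst_ip == host]
        if not hits:
            unmatched.append((src, dst, proto, port))
        for key in hits:
            used[key].add((proto, port))
    # One specific rule per observed (proto, port), in the original rule order.
    narrowed = [(s, d, proto, port) for s, d in broad_rules
                for proto, port in sorted(used[(s, d)])]
    idle = [rule for rule in broad_rules if not used[rule]]
    return narrowed, idle, unmatched


if __name__ == "__main__":
    narrowed, idle, unmatched = propose_rules(BROAD_RULES, OBSERVED_FLOWS)
    for s, d, proto, port in narrowed:
        print(f"allow {proto} {s} -> {d}:{port}")
    print("review (no traffic seen):", idle)
    print("seen but matching no rule:", unmatched)
```

Broad rules with no observed traffic are listed for review rather than dropped, since a capture window can miss periodic jobs such as backups or month-end batches.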
08-12-2005 01:25 AM
Re: Firewall Rules
Sounds like a reasonable method, thanks Mel.
Steven
take your time and think things through
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.