Basic Inbound Firewall Rules


#1

I’m a complete newbie to using the Peplink Balance 20, migrating from a consumer grade router/access point to the Balance 20 and Pepwave AP One. I’ve got the units up and running no problem, using two wan connections - a DSL modem and a cable modem. Both are set to NAT routing and I have created an inbound firewall rule based on the case study in the user manual appendix. In addition, I have Intrusion Detection enabled. My question is, is there anything else I need to do to ensure basic firewall protection? I’m not looking for Fort Knox here - just some guidelines/rules on being sure I’m reasonably protected.

I’m a home user and moved to Peplink for the dual-WAN capability. Have a few computers and half-dozen or so mobile devices hooked up. Any assistance or resources you know of are appreciated - thanks!

-Mike


#2

You could set it up as a PPPoE connection. And in the firewall rules, leave the default to block everything, and then just create the rules for the ports that you will use. This avoids having all sorts of free ports.

Deny or limit access to only specific IPs for the administration of the Peplink through the WAN port.

BR,
André


#3

Andre:

Thanks for the feedback, but you’re already getting over my head. The DSL modem is set up as a PPPoE connection (it required that when connected to a router vs. PC), but the cable modem is set up as DHCP. I’m not sure how I would even change the cable modem’s setup. Additionally, the concept of “ports” is a new one to me - are we talking physical ports on the Balance 20 or logical ports? If logical, how would I know which ones I’m actually using? As I said, I’m a total newbie - my apologies! The reseller I bought it from (one of Peplink’s authorized ones) basically said what I’m asking is above the scope of their tech support - maybe a conversation with Peplink’s tech team would make the most sense.

-Mike


#4

Mike, so… if you have it configured like that, it is already good. Which version of firmware is on your Peplink? It is shown immediately when you enter the administration, under Device Information.

:slight_smile:


#5

5.3.12 build 1303


#6

Hi Mike,

Newbies are always welcome, no worries :slight_smile:

The reseller you purchased from should definitely help you out with these questions though.

Honestly, a lot of home users do not even bother with the firewall settings because the first layer of protection is already there as the Peplink is doing a NAT. This means that your computers and devices that are connected to your Peplink are receiving private IP addresses - i.e. 192.168.1.x, so they are not directly exposed to the internet.

Now if you want additional peace of mind, you could always create an inbound firewall rule to “deny” all. You can just edit the default rule and change it from Allow to Deny. This is a very strict rule and will not allow any traffic that originates from the outside to get in. The key word here is “originates”. This will not have any impact on your browsing or accessing other resources on the internet (because this is actually traffic that originated going outbound).

The only thing to keep in mind would be if you need to gain access to computers or devices on your network from the outside - an example would be a security camera or a computer you want to access via Remote Desktop. In this case you would then need to create inbound rules to allow this traffic and place it above the default rule.

Hope this helps and enjoy your gear :slight_smile:
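The behaviour described in the post above, as an added example that is not part of the original thread and is not Peplink code: a toy Python model of first-match inbound rules with connection tracking. The class names, rule names and addresses are constructed for illustration, and NAT port translation and port forwarding are not modeled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "allow" or "deny"
    proto: str = "any"              # "tcp", "udp" or "any"
    dst_port: Optional[int] = None  # None matches every port

    def matches(self, proto, dst_port):
        return self.proto in ("any", proto) and self.dst_port in (None, dst_port)

@dataclass
class Firewall:
    inbound_rules: list                      # evaluated top to bottom
    flows: set = field(default_factory=set)  # connections opened from the LAN

    def outbound(self, proto, src_port, remote_ip, remote_port):
        """A LAN device opens a connection; track it so replies can return."""
        self.flows.add((proto, remote_ip, remote_port, src_port))

    def inbound(self, proto, remote_ip, remote_port, dst_port):
        """Decide the fate of a packet arriving on the WAN side."""
        if (proto, remote_ip, remote_port, dst_port) in self.flows:
            return "allow (reply to outbound connection)"
        for rule in self.inbound_rules:      # first matching rule wins
            if rule.matches(proto, dst_port):
                return f"{rule.action} ({rule.name})"
        return "deny (no rule matched)"

def demo():
    """Constructed traffic using documentation-range addresses (RFC 5737)."""
    default_deny = Rule("Default", "deny")
    rdp = Rule("Remote Desktop", "allow", "tcp", 3389)
    probe = ("tcp", "198.51.100.7", 40000, 3389)   # unsolicited, from outside

    strict = Firewall([default_deny])
    strict.outbound("tcp", 50000, "203.0.113.10", 443)   # normal browsing
    return {
        # Reply to traffic that originated inside is unaffected by deny-all.
        "reply": strict.inbound("tcp", "203.0.113.10", 443, 50000),
        # Traffic that originates outside hits the default rule.
        "unsolicited": strict.inbound(*probe),
        # An allow rule only works when placed above the default rule.
        "rdp_above_default": Firewall([rdp, default_deny]).inbound(*probe),
        "rdp_below_default": Firewall([default_deny, rdp]).inbound(*probe),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} -> {verdict}")
```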


#7

Tim:

HUGE help - this is exactly what I was looking for. I don’t have a need for any external resources to gain access to my network, so your solution is ideal. I’ve quoted what the reseller told me via e-mail below. I left off who they were, rather than broadcast it publicly. If you need to know, I’d be happy to provide via pm or e-mail. Thanks again.

-Mike

E-mail response from reseller, regarding assistance with Firewall settings:

“Thank you for contacting XXX. As a reseller of the Peplink Balance 20, we only offer basic set-up assistance, such as logging in to the unit’s software and simple IP changes. What you are asking for is advanced configuration matters which is outside the support we offer on these products. We suggest you either contact the manufacturer’s tech support or refer to the user’s guide found through the manufacturer’s website once you register your product.”


#8

Hey Mike,

Thanks for the update, glad I was able to help.

I realize some resellers may consider firewall rules to be more of an advanced configuration item, and it definitely can be - depending on the deployment.

Either way, I’m glad your questions got answered. As our customer, having you satisfied and happy with your purchase is our goal. :up:


#9

Post removed.