Limit port 32015 (SpeedFusion/VPN port) to listed IPs for PCI compliance

To further clarify, the default is that these rules are not there. You do have to add them to close these ports. Personally, I think they should be blocked by default and you open them if needed, but that is a philosophical difference between the devs and myself.
But you can close them all with one rule, and you can do it via the API if you have hundreds of units, as I do.

4 Likes

Thanks for requesting this feature. Do the local service firewall rules allow you to block any rules outside of those set up within the Surf SOHO (for example, it overrides Windows Firewall, etc.)?

Do you know of an article or other post where I can read more about this feature and how to configure it properly for use on my Surf SOHO?

More specifically, if I set the local service firewall rules to deny any, what specifically does that do?

Think of a series of firewalls as a series of filters. If filter #1 stops entry for a particular connection then it does not matter what filter #2 does - the connection never gets there.

So if your router allows (say) Netflix, then the firewall in your PC controls access to Netflix. If your router denies Netflix then it does not matter what your PC firewall says - Netflix is dead :)

1 Like

What would we need to do if we have both Static Connection as well as Dynamic connections via SpeedFusion coming into one router?
Would putting the Protect all rule in, then adding an approval for SpeedFusion handshakes/data allow for those connections to still work, but stop the PCI compliance scan issue?