[2024 May Tips & Tricks] Get a grip on the security policy of the Nebula firewall

Firewalls are essential components of network security infrastructure. They help prevent unauthorized access to or from private networks by filtering the traffic that flows through them. They can also be used to enforce corporate policies on acceptable use of the network and to protect against various types of cyber threats, including malware, hacking attempts, and unauthorized access to sensitive data.

The Nebula firewall monitors and controls incoming and outgoing network traffic based on predetermined security policies. Defining and configuring these policies properly requires expert-level skill, because they determine how the Nebula firewall inspects network packets and decides whether to allow or block them based on criteria such as source and destination IP addresses, port numbers, protocols, and even packet contents.

To ensure that the Nebula firewall is secure enough out of the box, pre-defined security policies are already in place. You can view them in the Nebula Control Center.

Go to Site-wide > Configure > Firewall > Security Policy and click to expand "Implicit allow rules." You will see a complete list of factory-defined security policies that allow most of the traffic you want to pass through the firewall. You can also see the "Implicit deny rule," which blocks unwanted traffic.

Viewing Automatically Generated Security Policy Alongside NAT Rule Creation

As part of its user-friendly design, the Nebula firewall automatically generates a security policy associated with any NAT rule created by the firewall administrator. This mechanism operates seamlessly, saving you the effort of manually maintaining an up-to-date security policy.

You can review these dynamically generated security policies from the "Implicit Allow Rules" screen: