Locking down your Firewall with Port Based Rules

It doesn’t matter what firewall you have, be it Cisco, Zyxel, Sonicwall etc you need to put rules in place to ensure that your network is properly protected.

There are a number of services you may also want to consider depending on your needs. These include content filtering, email filtering, anti-virus, and VPN licences. But the basics of a firewall require you to put rules in place that prevent / permit traffic to / from your network.

The most secure method would be to block all ports and then permit through only those ports that you require. The same goes for outbound as computers inside your network that get infected can use your network to launch other attacks or send information out to the unsavory types out there.

There are 65,535 ports in IPv4, and if you were to go through them all it would only lead to a headache and very little extra understanding. The basic idea however is that each port can be used by a service for example ‘http’ which you are using right now to read this is on port 80, whereas ‘https’ which you see on shopping sites to show they’re secure (or at least somewhat so) comes over port 443. I’ve included the most common items below and a few tips to make the rules more secure.

Port Number Service Direction Notes
25 SMTP Both SMTP is secure email, if you are using an email filtering company then only allow in from that direction, and only allow out from your email server.
80 HTTP Outbound Standard web browsing.
110 POP3 Both For when users access email via POP3 – if you access an external site for POP3 then outbound may also apply.
143 / 993 IMAP / Secure IMAP Both For when users access email via IMAP – if you access an external site for IMAP then outbound may also apply.
443 HTTPS Both Outbound as per port 80 however if you have phones etc accessing email via OWA / Active Sync then you will want both in and out, though it should then be locked to the mail server for inbound.
3389 Terminal Services Both To access remote desktops either inbound or outbound.

Leave a Reply