Blocking all outbound ports - except core needed ones?

speakerfritz
A model citizen


So, after some research I learned that the GX series with the optional security license only blocks malware websites and domains; it does not block outbound malware by port.

Some security firewalls, even low-end consumer-grade ones with no subscriptions, use AI to manage the detection of malicious outbound traffic.

I was going to start a block list, but that's a long list, and a lot of malware can change its communication ports.

So, since we don't have that, I guess I have to apply the same approach my previous job did: block everything, allow port by port as needed.

Small home network with a basic user and some appliance traffic, so that would not be impossible.

The only problem I see is that the GX series has no logging with which I can tell what is good traffic by appliance, so I can build the good traffic into the allow list.

My appliances mainly operate on the LAN, but in some cases they have a WAN feature for remote management. The remote management ports will be hit or miss.

I'll start with the standard allow list to see what breaks.


Outbound ports to allow

  • HTTP - TCP:80
  • HTTPS - TCP:443
  • POP3 - TCP:110 (secure POP is typically TCP:995)
  • IMAP4 - TCP:143 (secure IMAP is typically TCP:993)
  • SMTP - TCP:25 (secure SMTP is typically TCP:465)
  • DNS - UDP:53 (external lookups)
  • MS RPC - TCP, UDP Port 135
  • NetBIOS/IP - TCP, UDP Port 137-139
  • SMB/IP - TCP Port 445
  • Trivial File Transfer Protocol (TFTP) - UDP Port 69
  • System log - UDP Port 514
  • Simple Network Management Protocol (SNMP) - UDP Port 161-162
  • Internet Relay Chat (IRC) - TCP Port 6660-6669


My appliances that have over-the-internet management:

  • wireless mini split system
  • Meraki Go network
  • HP printer
  • network attached storage
  • security cameras

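The "block everything, allow port by port, see what breaks" approach above can be rehearsed before touching the firewall. The following is an added example, not code from the original post or from Meraki: it takes the allow list exactly as written in the post, plus a handful of constructed flow records of the kind you would get from a packet capture on the LAN side (hypothetical hosts on an assumed 192.168.1.0/24 subnet; none of this is real captured data), and reports, per source host, which egress flows a default-deny outbound policy would drop. Those dropped flows are the candidates for the per-appliance allow list. The sample flows deliberately include NTP (UDP 123) and DNS over TCP (TCP 53), which the list as written would block, since that is the kind of breakage the dry run is meant to surface.

```python
"""Egress allow-list dry run (added example, not from the original post).

Takes an outbound allow list in 'proto port' / 'proto lo-hi' form and a
set of flow records, and reports which egress flows a default-deny
outbound policy would drop, grouped by source host.
"""
import ipaddress
import re
from collections import defaultdict

# The allow list from the post, transcribed one rule per line.
ALLOW_LIST = """
tcp 80
tcp 443
tcp 110
tcp 995
tcp 143
tcp 993
tcp 25
tcp 465
udp 53
tcp 135
udp 135
tcp 137-139
udp 137-139
tcp 445
udp 69
udp 514
udp 161-162
tcp 6660-6669
"""

# Constructed flow records (hypothetical hosts, not captured data):
# src dst proto dport
SAMPLE_FLOWS = """
192.168.1.20 8.8.8.8 udp 53
192.168.1.20 8.8.8.8 tcp 53
192.168.1.20 203.0.113.10 tcp 443
192.168.1.30 203.0.113.20 udp 123
192.168.1.30 203.0.113.20 tcp 8883
192.168.1.40 192.168.1.50 tcp 445
192.168.1.60 203.0.113.30 tcp 22
"""

RULE_RE = re.compile(r"^(tcp|udp)\s+(\d+)(?:-(\d+))?$")


def parse_allow_list(text):
    """Turn 'proto port' / 'proto lo-hi' lines into (proto, lo, hi) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip().lower()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable allow-list line: {line!r}")
        proto = m.group(1)
        lo = int(m.group(2))
        hi = int(m.group(3) or m.group(2))
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {line!r}")
        rules.append((proto, lo, hi))
    return rules


def is_allowed(rules, proto, port):
    """True if any rule covers this protocol and destination port."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in rules)


def parse_flows(text):
    """Parse 'src dst proto dport' lines; blank or malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, proto, dport = parts
        flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst),
                      proto.lower(), int(dport)))
    return flows


def dry_run(allow_text, flows_text, lan="192.168.1.0/24"):
    """Return {src_ip: sorted [(proto, dport), ...]} of flows that would be dropped.

    LAN-to-LAN flows are ignored because they never cross the WAN firewall.
    The LAN subnet is an assumption for this example.
    """
    rules = parse_allow_list(allow_text)
    lan_net = ipaddress.ip_network(lan)
    dropped = defaultdict(set)
    for src, dst, proto, dport in parse_flows(flows_text):
        if dst in lan_net:
            continue
        if not is_allowed(rules, proto, dport):
            dropped[str(src)].add((proto, dport))
    return {src: sorted(ports) for src, ports in sorted(dropped.items())}


def suggested_rules(report):
    """Render dropped flows as per-host allow lines to review before adding."""
    return [f"allow {proto}/{port} from {src}"
            for src, ports in report.items() for proto, port in ports]


if __name__ == "__main__":
    report = dry_run(ALLOW_LIST, SAMPLE_FLOWS)
    for src, ports in report.items():
        print(src, ", ".join(f"{p}/{n}" for p, n in ports))
    print("\n".join(suggested_rules(report)))
```

Replace SAMPLE_FLOWS with flows from a capture taken on the LAN side of the firewall and run it once per appliance; the output is the list of ports to add for that device, scoped to that device's address rather than opened for the whole LAN. Two caveats in my own voice: the script takes the list as given, and several of its entries (NetBIOS 137-139, SMB 445, TFTP 69, IRC 6660-6669) are ports more often found in an outbound block list than an allow list, so they deserve a second look before being allowed out; and the dry run only sees flows that actually happened during the capture, so rarely used remote-management paths still need to be exercised while capturing.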
1 REPLY 1
speakerfritz
A model citizen

Also, I'm assuming I have to direct-connect to the GX-50 so I don't lock myself out.

I don't know if the Meraki Go website was to communicate internally; I assume everything will go through the external interface.