If I have a server on vlan2 192.168.1.7/24, and a pc on vlan3 192.168.2.7/24. I need to open up a Symantec antivirus port for the client to get definitions from the server. Let's say it is TCP port 8900. What would the firewall rule look like?
allow <protocol> <source subnet> <src port> <destination subnet> <dst port>
allow ,TCP, 192.168.1.0/24, 8900, 192.168.2.0/24, 8900?
Would the source be the server side or the client side?
Would the source port be any and destination be 8900 or vice versa?
Thanks!
The client source port is most of the time a random port. (But not always; best is to make a capture of the traffic and check yourself.)
allow ,TCP, 192.168.1.0/24, any, 192.168.2.7, 8900?
Thanks @alemabrahao, just wondering why it wouldn't be
source vlan2, port 8900, destination vlan3, port any?
It depends on the direction of the flow. If the server is fetching the clients then it's vlan 2 -> vlan 3. If it is the clients that are pushing to the server it's vlan 3 -> vlan 2.
Really depends on WHO initiates the sessions. Like ww said, a packet capture would be a good indicator. That or referring to the network guide of that application.
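As an added example (not code from anyone in this thread), a small matcher that tests each rule shape discussed above against the first packet of a flow in either direction. The host addresses are the ones from the question; the ephemeral source ports and the flows themselves are constructed.

```python
from ipaddress import ip_address, ip_network

# Rule shape used in the thread:
#   allow <protocol> <source subnet> <src port> <destination subnet> <dst port>
# "any" matches every port; a bare host such as 192.168.2.7 is treated as a /32.
def parse_rule(line):
    action, proto, src, sport, dst, dport = [f.strip() for f in line.split(",")]
    return {"action": action, "proto": proto.upper(),
            "src": ip_network(src), "sport": sport,
            "dst": ip_network(dst), "dport": dport}

def port_ok(spec, port):
    return spec.lower() == "any" or int(spec) == port

def matches(rule, pkt):
    """True if the rule matches the flow's first packet (the TCP SYN).
    A stateful firewall then admits the reply traffic on its own, so only
    the initiating direction needs a rule.  pkt = (proto, src, sport, dst, dport)."""
    proto, src_ip, sport, dst_ip, dport = pkt
    return (rule["proto"] == proto.upper()
            and ip_address(src_ip) in rule["src"] and port_ok(rule["sport"], sport)
            and ip_address(dst_ip) in rule["dst"] and port_ok(rule["dport"], dport))

# Constructed flows: the initiator picks a random high port, the listener is on 8900.
CLIENT_INITIATED = ("tcp", "192.168.2.7", 51234, "192.168.1.7", 8900)  # pc -> server:8900
SERVER_INITIATED = ("tcp", "192.168.1.7", 40512, "192.168.2.7", 8900)  # server -> pc:8900

RULES = {
    "question_rule":    "allow ,TCP, 192.168.1.0/24, 8900, 192.168.2.0/24, 8900",
    "reply_rule":       "allow ,TCP, 192.168.1.0/24, any, 192.168.2.7, 8900",
    "client_to_server": "allow, TCP, 192.168.2.0/24, any, 192.168.1.7, 8900",
}

def evaluate():
    """Return {rule_name: {"client_initiated": bool, "server_initiated": bool}}."""
    results = {}
    for name, text in RULES.items():
        rule = parse_rule(text)
        results[name] = {"client_initiated": matches(rule, CLIENT_INITIATED),
                         "server_initiated": matches(rule, SERVER_INITIATED)}
    return results

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:18} {result}")
```

The rule with a fixed source port of 8900 matches neither direction, because whichever side opens the session uses an ephemeral port; the two "any" rules each match exactly one initiator, which is why the answer hinges on who starts the connection.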