DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor 2850/60 Firewall best practices

21 May 2015 11:44 #83444 by sfabs
Hello

I would like some advice on Firewall best practices on Vigor 2850 and 2860 devices.

My question is whether I should create inbound and outbound rules blocking ALL ports and then create rules allowing ONLY the ports my organisation uses from ONLY the IP addresses allowed?

Is this what most people do? There can be quite a few administration overheads by doing this... but I am concerned about security and want to maintain a strong level of security...

I have heard conflicting information about how to set up the firewall. I have had it suggested to me that the default rules (out of the box) are fine as a certain amount of port blocking already occurs...? I have struggled to find definitive information about how I should configure the firewall.

At present I only port forward essential ports and have set up a number of port 25 blocks and allows to protect my email server, but I'm wondering if I should have many more inbound and outbound rules and blocks in place....?

Can anyone help please


21 May 2015 14:25 #83446 by sicon
Replied by sicon on topic Re: Vigor 2850/60 Firewall best practices
By default trust to untrust is passed and the opposite is closed, and you need to open the ports.

If you want to be really tight then create a LAN > WAN rule from Any source to Any destination & Any service and "Block All unless further match".
Underneath this rule you can then add new policies for the service ports you want to allow out.
The firewall logic engine works top down, so for example if you have a "block immediately" rule in place then it won't look at anything below it. That's why you use the unless further match option.

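The top-down evaluation sicon describes, as an added example that is not from this thread or from DrayTek: a small Python model of the rule engine in which "Immediately" actions stop evaluation and "If No Further Match" actions only set a pending verdict. The action semantics, the rule names and the addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
# Filter actions modelled on the Vigor rule options (semantics assumed, see lead-in).
BLOCK_IMMEDIATELY = "Block Immediately"
PASS_IMMEDIATELY = "Pass Immediately"
BLOCK_IF_NO_FURTHER_MATCH = "Block If No Further Match"
PASS_IF_NO_FURTHER_MATCH = "Pass If No Further Match"

@dataclass
class Rule:
    name: str
    src: str             # source CIDR, or "any"
    dst: str             # destination CIDR, or "any"
    port: Optional[int]  # destination port; None means any service
    action: str

def _in(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)

def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return _in(rule.src, src) and _in(rule.dst, dst) and rule.port in (None, port)

def evaluate(rules, src: str, dst: str, port: int, default: str = "pass"):
    """Walk the rules top down. An "Immediately" action ends evaluation, so
    nothing below it is consulted; an "If No Further Match" action records a
    pending verdict and keeps scanning, so a later match can override it."""
    pending = (default, "<implicit default>")   # trust > untrust passes by default
    for rule in rules:
        if not matches(rule, src, dst, port):
            continue
        if rule.action == PASS_IMMEDIATELY:
            return ("pass", rule.name)
        if rule.action == BLOCK_IMMEDIATELY:
            return ("block", rule.name)
        verdict = "block" if rule.action == BLOCK_IF_NO_FURTHER_MATCH else "pass"
        pending = (verdict, rule.name)
    return pending

# Constructed LAN > WAN policy in the shape sicon describes: catch-all block
# first, allows underneath. Addresses are made up for the example.
TIGHT_EGRESS = [
    Rule("deny-all-egress", "any", "any", None, BLOCK_IF_NO_FURTHER_MATCH),
    Rule("allow-https", "192.168.1.0/24", "any", 443, PASS_IMMEDIATELY),
    Rule("allow-smtp-mailserver", "192.168.1.10/32", "any", 25, PASS_IMMEDIATELY),
]
# Same list with the catch-all set to "Block Immediately": the allows are never reached.
BROKEN_EGRESS = [Rule("deny-all-egress", "any", "any", None, BLOCK_IMMEDIATELY)] + TIGHT_EGRESS[1:]

if __name__ == "__main__":
    for rules in (TIGHT_EGRESS, BROKEN_EGRESS):
        print(rules[0].action, evaluate(rules, "192.168.1.5", "203.0.113.9", 443))
```

Running it shows the same HTTPS flow passing under the first policy and being blocked under the second, which is the ordering mistake the reply warns about.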

21 May 2015 15:56 #83448 by sfabs
Replied by sfabs on topic Re: Vigor 2850/60 Firewall best practices
Great, thanks for your reply...

I understand the block unless no further match and am familiar with creating the block as the first rule (unless no further match) then creating the allow rules after it.

So just to confirm I have understood correctly...

I don't need to create inbound block (then allow) rules as the router blocks these automatically because they are untrusted...
But internal traffic is considered trusted and therefore allowed out. Being thorough would involve blocking outbound traffic (any IP) to (any destination) to (any port) as you stipulated, followed by allow rules for the IPs and protocols I want to allow out. Have I understood correctly? That is how I have interpreted your post and it makes sense. (Hopefully I have understood correctly.) Thank you

