Applies to Platform: UTM 2.4, UTM 2.5; 4i Edge 2.5
Last Update: 04 June 2014
In this lesson we explain how to block a specific service with Endian UTM, using two slightly different examples.
This is useful when you want to block, from a given network or IP address, services or protocols that you consider unsafe or unnecessary.
Before adding a new rule, check whether an existing rule already allows or blocks the same service; if so, modify that rule or delete it and create a new one. For example, by default Endian allows FTP traffic from the GREEN to the RED zone (see rule n°3 in the first screenshot below), but we want to block all FTP traffic, so we must either modify that rule or delete it and create a new one. We take the second approach here.
1. Create a rule to block FTP service
This first example shows how to block the FTP Service from the GREEN to the RED zone.
From the web GUI go to Menubar > Firewall > Outgoing Traffic > Add a New Firewall Rule.
You can now define the rule by providing values for its various parts: select the Source interface (1) whose traffic should be blocked (in this case the GREEN interface), then specify the Destination (2), which can be chosen from three types of destination (in this case the RED zone, i.e., all uplinks).
Under Service/Port (3), select the service to block (choosing FTP from the first drop-down menu automatically fills in the protocol and destination port). Under Policy (4), select the action to apply (in this case Deny, to block the service). It is also good practice to enter a Remark (5) for the rule, which helps you remember later what the rule does. You are now done! Click Update rule (6). A green pop-up appears: click the Apply button to save the changes. The list of firewall rules will appear as follows:
2. Create a Rule to block E-Mail Services
This example explains how to block all the E-Mail Services (POP, POP3s, IMAP, IMAPs and SMTP).
Most of the steps are the same as for blocking the FTP service.
Unlike the previous example, where you chose a predefined service/protocol/port combination, here you need to specify several ports in the same rule (though you could also create one rule per port). To do so, under Service/Port (3) select User defined, under Protocol (4) choose TCP, and under Destination ports (5) enter 25, 110, 143, 993 and 995, one per line.
Finally, under Policy (6) select Deny to block the traffic and enter a Remark (7) for the rule, which helps you remember what the rule does. You are now done! Click Update rule. A green pop-up appears: click the Apply button to save the changes.
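The following Python model, added here as an illustration and not taken from Endian's code, shows both rules from this lesson (the FTP deny rule and the single user-defined rule covering the five mail ports) evaluated against an ordered, first-match rule table. It also demonstrates the warning at the top of the page: if the existing allow rule for FTP is left in place above the new deny rule, the deny rule never fires. The `Rule` class, `evaluate()`, the sample rule table and the default policy of ALLOW for unmatched traffic are assumptions of this example; the zone names and port numbers are those used in the lesson.

```python
"""Ordered, first-match model of an outgoing firewall rule table.

Illustrative code only: the Rule class, evaluate(), the sample rule table
and the assumed default policy are not Endian's implementation or its real
default ruleset. Zones (GREEN, RED) and ports come from the lesson.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    source: str          # source zone, e.g. "GREEN"
    destination: str     # destination zone, e.g. "RED" (all uplinks)
    protocol: str        # "tcp", "udp" or "any"
    ports: frozenset     # destination ports; empty set means any port
    policy: str          # "ALLOW" or "DENY"
    remark: str = ""     # free-text note, like the Remark field in the GUI

    def matches(self, src, dst, proto, dport):
        return (self.source == src and self.destination == dst
                and self.protocol in ("any", proto)
                and (not self.ports or dport in self.ports))


def evaluate(rules, src, dst, proto, dport, default="ALLOW"):
    """First matching rule wins. Returns (policy, index); index is None when
    no rule matched and the assumed default policy was applied."""
    for i, rule in enumerate(rules):
        if rule.matches(src, dst, proto, dport):
            return rule.policy, i
    return default, None


def ftp_deny_rule():
    """Example 1: FTP (TCP/21) from GREEN to RED, policy Deny."""
    return Rule("GREEN", "RED", "tcp", frozenset({21}), "DENY", "Block FTP")


def mail_deny_rule():
    """Example 2: one user-defined TCP rule listing all five mail ports."""
    return Rule("GREEN", "RED", "tcp", frozenset({25, 110, 143, 993, 995}),
                "DENY", "Block e-mail services")


def drop_conflicting(rules, new_rule):
    """The 'delete the existing rule' step: remove every rule that already
    matches one of the new rule's ports with the opposite policy."""
    keep = []
    for r in rules:
        overlaps = any(r.matches(new_rule.source, new_rule.destination,
                                 new_rule.protocol, p) for p in new_rule.ports)
        if not (overlaps and r.policy != new_rule.policy):
            keep.append(r)
    return keep


# Constructed sample table standing in for the stock ruleset: the third rule
# allows FTP, as the lesson says rule n°3 does. Not Endian's actual defaults.
SAMPLE_RULES = [
    Rule("GREEN", "RED", "tcp", frozenset({80}), "ALLOW", "HTTP"),
    Rule("GREEN", "RED", "tcp", frozenset({443}), "ALLOW", "HTTPS"),
    Rule("GREEN", "RED", "tcp", frozenset({21}), "ALLOW", "FTP"),
]


def wrong_way():
    """Append the deny rule below the existing allow rule: first match wins,
    so FTP is still allowed by the rule at index 2."""
    rules = SAMPLE_RULES + [ftp_deny_rule()]
    return evaluate(rules, "GREEN", "RED", "tcp", 21)


def right_way():
    """Delete the conflicting allow rule first, then add the deny rule."""
    rules = drop_conflicting(SAMPLE_RULES, ftp_deny_rule()) + [ftp_deny_rule()]
    return evaluate(rules, "GREEN", "RED", "tcp", 21)


def mail_verdicts():
    """Verdict per mail port; 587 (SMTP submission) is not in the lesson's
    list, so it falls through to the assumed default."""
    rules = SAMPLE_RULES + [mail_deny_rule()]
    return {p: evaluate(rules, "GREEN", "RED", "tcp", p)[0]
            for p in (25, 110, 143, 993, 995, 587)}


if __name__ == "__main__":
    print("FTP, deny appended below allow:", wrong_way())
    print("FTP, allow removed first:      ", right_way())
    print("Mail ports:", mail_verdicts())
```

Running the script prints the FTP verdict both ways, which makes the ordering problem visible: the appended deny rule changes nothing until the allow rule above it is removed. The mail check also shows that a user-defined port list only blocks exactly the ports typed in; a port such as 587 that is not listed is still decided by whatever rule or default comes after.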