Firewall hit advice

[Nev]

Hi all,

Using a standard IP modem service which is remotely protected at the host gateway, Wingate no longer receives any inbound unsolicited traffic excepting these hits on the firewall from standard web browsing [to port 443 in this case, mostly 80] eminating from the web server...



My question is should I change the Port security rule which I have always used to deny ports 1~65535 TCP & UDP and allow this traffic.

The service does succeed even with these hits and I notice the KAV update also has port 20 showing at numerous sites where I deploy / maintain Wingate, in these instances a hole has been made fwiw.

[genie]

These firewall hits are most probably leftovers from the previously established connections - meaning, that the connection had been deregistered by Wingate firewall when the last connection packet (Reset in this particular case) arrived.

[Nev]

Good Genie thank you, so just ignore them really and leave the Firwall alone?

[genie]

Yeap. I know it's a bit annoying, though.

[Nev]

Yeap. I know it's a bit annoying, though.

Genie, would it 'work any better / faster' if I allowed this traffic, given this new service has a remote firewall elsewhere [stopping all the malware intrusions] I used to see previously.

As I said previously a rule has been created to purposedly deny all traffic from Ports 1~65535 in TCP & UDP.

[genie]

Well, it will surely be a bit faster but the difference is not really significant.