Firewall Blocks Still Reach Threat Prevention

Currently reading
Firewall Blocks Still Reach Threat Prevention

41
4
NAS
DS220J, DS420J
Operating system
  1. Windows
Mobile operating system
  1. Android
I have setup the router's (2600, V1.2.5) firewall to block entire subnets, e.g. 2.0.0.0 - 2.255.255.255, yet threat IP addresses within this subnet still are dropped by Threat Prevention.
I know the firewall is working because I get many hits on the blocked subnet. Is TP before the firewall then? Or is there even a layered sequence of protection?
 
Last edited:
Way back when, (RT2600ac by the way...) I contacted support, asking: “Who’s on First?” With regards to FW, TP, and such. At that time, they gave me a flow without VPN or Port forwarding in consideration.

Now with VLAN, VPN, Port Forwarding…. this certainly changed.

I do have that years old flow chart printed out and if no-one has a later flow diagram….. which I would like to see…. And save for future reference… I’ll post it.

Flow is Bi-Directional:

This info came from "Andrew" years ago:

INCOMING PACKET=<>Outward facing Firewall <> Threat Prevention <> Safe Access <> Traffic Control <>Inward Facing Firewall <>= OUTGOING PACKET

This has de-mystified the actions for me....

If anyone has a revised version showing how VPN, VLAN and Port Forwarding affects this... I'd like to see it, please!
 
Way back when, (RT2600ac by the way...)
It makes most sense to me for the firewall to be first as in the priority flow you show. I continue to see TP blocks on IPs I have blocked in the firewall even after I have rebooted the router. It was suggested that if a firewall rule was implemented before a "very long TCP timeout" that it appear TP is the priority, but I have rebooted the router and still see TP reporting threats on IP have a blocked in the firewall.
 
It makes most sense to me for the firewall to be first as in the priority flow you show. I continue to see TP blocks on IPs I have blocked in the firewall even after I have rebooted the router. It was suggested that if a firewall rule was implemented before a "very long TCP timeout" that it appear TP is the priority, but I have rebooted the router and still see TP reporting threats on IP have a blocked in the firewall.
You're not the only one, I've rebooted router and still see firewall rules being bypassed. I can confirm that after lots of trial and error with a RT2600ac router over nearly 2 yrs, firewall reacts before TP. Flow chart noted above by holds up for me though I'm curious why @Rusty says TP has priority.

Up until recently my firewall was working except for rare pass through to TP of country in a firewall rule. My problems seem to be cascading after recent TP package update but not sure if related. I've noted my issues in a separate post so I didn't hijack your post here. firewall not blocking properly
 
Last edited:
I’m trying to determine how the new TP settings, that I honestly don’t understand, that I referred to in a recent post could be part of this. ??
I’m getting TP Hits in TP from China with China blocked, but I thought that was them using a non China IP.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

All. One minute I can see where to post then I look away and its gone (ok down off the page under...
Replies
0
Views
556
OK. I don't bother with QuickConnect for my router, there's nothing running on it that others need to have...
Replies
6
Views
1,861

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top