SonicOS 8 TZ Series Getting Started Guide

Default Access Rules Overview

By default, the security appliance’s stateful packet inspection allows all communication from the LAN to the internet and blocks all traffic to the LAN from the internet. The default stateful packet inspection access rules enabled on the security appliance define the following behaviours:

  • Allow all sessions originating from the LAN or WLAN to the WAN or DMZ (except when the destination WAN IP address is the WAN interface of the appliance itself).
  • Allow all sessions originating from the DMZ to the WAN.
  • Deny all sessions originating from the WAN to the DMZ.
  • Deny all sessions originating from the WAN and DMZ to the LAN or WLAN.
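
The four default behaviours above, written as a baseline that a rule list can be audited against. This is an added example, not SonicWall code: the rule dictionary format, the rule names, the sample addresses and the `audit` and `hits_own_wan_ip` helpers are assumptions made for illustration.

```python
# Added example: audit a rule list against the default zone policy listed above.
# The rule dictionaries are a constructed format, not a SonicOS export.
from ipaddress import ip_address

ALLOW, DENY = "allow", "deny"

# Default zone-to-zone actions, transcribed from the four bullets above.
DEFAULTS = {
    ("LAN", "WAN"): ALLOW, ("LAN", "DMZ"): ALLOW,
    ("WLAN", "WAN"): ALLOW, ("WLAN", "DMZ"): ALLOW,
    ("DMZ", "WAN"): ALLOW,
    ("WAN", "DMZ"): DENY,
    ("WAN", "LAN"): DENY, ("WAN", "WLAN"): DENY,
    ("DMZ", "LAN"): DENY, ("DMZ", "WLAN"): DENY,
}

def hits_own_wan_ip(rule, wan_if_ip):
    """True when a LAN/WLAN->WAN rule targets the appliance's own WAN interface,
    the one destination the default allow does not cover."""
    return (rule["from"] in ("LAN", "WLAN") and rule["to"] == "WAN"
            and rule.get("dst_ip") is not None
            and ip_address(rule["dst_ip"]) == ip_address(wan_if_ip))

def audit(rules, wan_if_ip):
    """Return (rule name, reason) for each allow rule that is wider than the defaults."""
    findings = []
    for rule in rules:
        if rule["action"] != ALLOW:
            continue  # only allow rules can widen the default posture
        pair = (rule["from"], rule["to"])
        if DEFAULTS.get(pair) == DENY:
            findings.append((rule["name"], "allows %s->%s, denied by default" % pair))
        elif hits_own_wan_ip(rule, wan_if_ip):
            findings.append((rule["name"], "allows access to the appliance's own WAN IP"))
    return findings

# Constructed sample rules; addresses come from the RFC 5737 documentation ranges.
WAN_IF_IP = "203.0.113.1"
SAMPLE_RULES = [
    {"name": "lan-out", "from": "LAN", "to": "WAN", "action": ALLOW},
    {"name": "publish-web", "from": "WAN", "to": "DMZ", "action": ALLOW},
    {"name": "dmz-to-lan-db", "from": "DMZ", "to": "LAN", "action": ALLOW},
    {"name": "block-guest", "from": "WLAN", "to": "DMZ", "action": DENY},
    {"name": "lan-to-wan-if", "from": "LAN", "to": "WAN", "action": ALLOW,
     "dst_ip": WAN_IF_IP},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES, WAN_IF_IP):
        print(f"REVIEW {name}: {reason}")
```

Each finding marks a rule that opens a path the defaults keep closed, so it is a prompt to confirm the rule is intended and scoped to specific sources, destinations and services.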

The SANS Institute is a trusted resource for cybersecurity research. It offers a firewall checklist that you can use to identify recommended ports to block.