I have read some posts about wanting to change the Deny All rule to a Drop All. I also understand that doing this causes things like DNS etc. to stop working. I see the want for this and would like to do it myself so that network scans etc. do not get any response back. I am wondering if you create a rule just above the Deny All rule that is a Drop All from only the External interface what kind of impact would it have? Would it break things like VPN connections etc? I am just thinking if the traffic was initiated externally and didn't match any rule, would it be OK to just drop the packets. I am curious to know if anyone has tried this or knows what kind of impact it would have. Thanks for your feedback!
The rule that you want to create does sound like the correct route to go; take a look at this KB article. It is actually for an upgrade from a previous product version, but most of it will apply.
Firewall Enterprise/Sidewinder/Secure Firewall 7.x: HA communication or NTP/DNS queries fail after upgrading from Classic/TSP to Firewall Enterprise KB64684
Note: if you create the drop rule and it is not matching the traffic, try setting a redirect for the rule. There are times when traffic with a destination of the firewall may not match a rule unless it has a redirect. If this is the case for you, then I would suggest contacting support to report that.
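To see how first-match ordering plays out for the rule discussed above (explicit allows, then a drop-all scoped to the external interface, then the final deny-all), here is an added Python model of a first-match policy engine. It is not Sidewinder configuration and not code from the thread; the zone names, ports and rule names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed first-match policy model (added illustration, not the firewall's
# own rule syntax). Zones, ports and rule names are made-up sample values.

@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow", "deny" (rejects, answers sender), "drop" (silent)
    src_zone: Optional[str]   # None = any zone
    proto: Optional[str]      # None = any protocol
    dport: Optional[int]      # None = any port

@dataclass(frozen=True)
class Packet:
    src_zone: str
    proto: str
    dport: int

# Order from the thread: allows first, then a drop-all that only matches traffic
# arriving on the external interface, then the catch-all deny.
POLICY = [
    Rule("allow_ipsec_isakmp", "allow", "external", "udp", 500),
    Rule("allow_ipsec_nat_t",  "allow", "external", "udp", 4500),
    Rule("allow_dns_out",      "allow", "internal", "udp", 53),
    Rule("drop_all_external",  "drop",  "external", None, None),
    Rule("deny_all",           "deny",  None,       None, None),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    """A None field in the rule is a wildcard; every other field must equal the packet's."""
    checks = ((rule.src_zone, pkt.src_zone), (rule.proto, pkt.proto), (rule.dport, pkt.dport))
    return all(cond is None or cond == val for cond, val in checks)

def evaluate(policy, pkt: Packet) -> Tuple[str, str]:
    """Return (rule name, action) of the first rule that matches, as a first-match engine would."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.name, rule.action
    raise RuntimeError("policy has no catch-all rule")

def responds(action: str) -> bool:
    """Whether the sender gets any reply: deny answers, drop stays silent."""
    return action != "drop"

if __name__ == "__main__":
    samples = {
        "vpn from internet":       Packet("external", "udp", 500),   # still allowed
        "probe from internet":     Packet("external", "tcp", 3389),  # silently dropped
        "dns from lan":            Packet("internal", "udp", 53),    # still allowed
        "unmatched from lan":      Packet("internal", "tcp", 8080),  # denied, gets a reply
    }
    for label, pkt in samples.items():
        name, action = evaluate(POLICY, pkt)
        print(f"{label:22} -> {name:19} {action:5} responds={responds(action)}")
```

The point of the model is that earlier allow rules (VPN, internal DNS) are untouched by the drop rule, only unmatched traffic entering on the external interface loses its rejection reply, and internal hosts that hit the deny-all still get an answer, so misconfigurations on the inside remain easy to spot.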