Firewall Bi-Directional Rule question
This question comes up a lot. Using WinSCP as an example: if you open a WinSCP session on source (1.1.1.1) and then attempt to move files to and from 2.2.2.2, do you need a firewall rule in both directions? For example, suppose only the following firewall rule exists, that all traffic is blocked by default, and that the firewall is stateful.
Source = 1.1.1.1 destination = 2.2.2.2 destination port = tcp/22 Action = Allow
In this scenario, would you be allowed to move files in both directions within the same WinSCP session, or would you only be allowed to move files from source to destination? It's a lot of extra work and an extra hole in the firewall to create the reverse rule if it's not necessary.
Reverse rule for reference:
Source = 2.2.2.2 destination = 1.1.1.1 destination port = tcp/22 Action = Allow
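The scenario in the question, modelled as an added example that is not part of the original post: a simplified stateful, default-deny firewall holding only the first rule, with packets from one WinSCP session checked against it. The class and function names and the ephemeral ports are constructed for illustration; a real firewall also tracks TCP state and timeouts.

```python
"""Simplified model of a stateful, default-deny firewall (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False  # True only for the packet that opens a new TCP connection


class StatefulFirewall:
    def __init__(self, allow_rules):
        # Each rule is (source IP, destination IP, destination TCP port).
        self.allow_rules = set(allow_rules)
        self.conntrack = set()  # tracked connections, keyed by 4-tuple

    def permit(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        reply = (p.dst, p.dport, p.src, p.sport)
        # Packets belonging to a tracked connection pass in either direction.
        if flow in self.conntrack or reply in self.conntrack:
            return True
        # Only a connection-opening packet is matched against the rule base.
        if p.syn and (p.src, p.dst, p.dport) in self.allow_rules:
            self.conntrack.add(flow)
            return True
        return False  # default deny


def run_scenario():
    # Only the forward rule from the question is installed.
    fw = StatefulFirewall([("1.1.1.1", "2.2.2.2", 22)])
    cport = 50123  # constructed client ephemeral port
    return {
        # 1.1.1.1 opens the SSH connection that WinSCP uses.
        "open": fw.permit(Packet("1.1.1.1", "2.2.2.2", cport, 22, syn=True)),
        # Upload: file data travels client -> server on that connection.
        "upload": fw.permit(Packet("1.1.1.1", "2.2.2.2", cport, 22)),
        # Download: file data travels server -> client on the same connection.
        "download": fw.permit(Packet("2.2.2.2", "1.1.1.1", 22, cport)),
        # A new session started from 2.2.2.2 is what the reverse rule would allow.
        "reverse_new": fw.permit(Packet("2.2.2.2", "1.1.1.1", 50999, 22, syn=True)),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Both transfer directions ride on the single TCP connection that 1.1.1.1 opened to port 22, so they match the tracked connection; the reverse rule only matters for sessions initiated from 2.2.2.2.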