I have some questions about how the SEP Firewall works:
1. If I create a firewall policy with no rules, how will it behave? Will it allow all traffic? Block all traffic? Allow all outbound but block inbound?
2. I've always assumed that the SEP Firewall is stateful. Is that true? Reading the help files about Source/Destination vs Local/Remote almost sounds like it isn't stateful. The online documentation states for source/destination:
If the client communicates with a Web server and the traffic is inbound, then the source host is the Web server; the destination host is the client. If the traffic is outbound, the source host is the client and the destination host is the Web server.
This is not true for a traditional stateful firewall. In a stateful firewall, the client would initiate a connection with the web server, and the response from the web server would be handled under the same rule. I'm pretty sure the SEP firewall is stateful, otherwise we would have to allow all inbound traffic to let a web server reply to a http request. Seems like the documentation is wrong.
3. How do I create a firewall rule that allows all traffic outbound traffic from me (local) but blocks all inbound traffic that isn't in response to a request from me.
4. Why do you even have options to select IP ranges, subnets, dns names, etc for the Local option when you use Local/Remote? Isn't Local always "me" and only "me"?
Thanks!
Paul