So..after some research I learned that the gx series with optional security license only blocks malware websites and domains….does not block outbound malware by port .
some security firewalls…even low end consumer grade with no subscriptions us AI to manage the detection of malicious out bound traffic .
I was going to start a block list but that’s a long list and a lot of malware can change their communication ports.
so…since we don’t have that…I guess I have to apply the same approach my previous job did, block everything, allow port by port as needed.
small home network with basic user and some appliance traffic so that would not be impossible.
only problem I see is that the gx series has no logging so I can tell what is good traffic by appliance so I can build the good traffic into the allow list.
my appliances which mainly operate in the lan, but has a wan feature in some cases to remotely manage. The remote management ports will be hit or miss.
I’ll start with the standard allow list to see what breaks.
Outbound ports to allow
- HTTP - TCP:80
- HTTPS- TCP:443
- POP3 - TCP:110 (secure POP is typically TCP:995)
- IMAP4- TCP:143 (secure IMAP is typically TCP:993)
- SMTP - TCP:25 (secure SMTP is typically TCP:465)
- DNS - UDP:53 (external lookups)
- MS RPC TCP, UDP Port 135
- NetBIOS/IP TCP, UDP Port 137-139
- SMB/IP TCP Port 445
- Trivial File Transfer Protocol (TFTP) UDP Port 69
- System log UDP Port 514
- Simple Network Management Protocol (SNMP) UDP Port 161-162
- Internet Relay Chat (IRC) TCP Port 6660-6669
my appliances that have over the internet management.
wireless mini split system
meriaki go network
hp printer
Network attached storage
secuity cameras
