scaryp Posted February 5, 2022

Do the rules within Traffic Controller apply to LAN as well as WAN/Internet? I'm sorry, it's not clear to me.

Example - block all traffic, 'always' schedule to a single device.

1) Does this mean that the device can't access anything internet/WAN bound or would it apply internet/WAN + LAN (other devices on my network)?
2) Would the same rule also mean that the same device also can't be communicated with (it's now the destination)?

Thanks very much.

Netduma Fraser (Administrators) Posted February 5, 2022

If you're always blocking traffic to a specific device it will not be able to connect to anything over the internet - I don't believe it blocks locally as it blocks based on ports or using our DPI engine.

scaryp (Author) Posted February 5, 2022

> 2 minutes ago, Netduma Fraser said:
> If you're always blocking traffic to a specific device it will not be able to connect to anything over the internet - I don't believe it blocks locally as it blocks based on ports or using our DPI engine.

Thank you Fraser. I've recently got home and tested it. Confirmed, internet only. I guess that the same ruleset has no impact to inbound traffic from the internet?

My situation is that I have a NAS that's potentially exposed to a big wave of ransomware attacks. I want UPnP disabled so I know it's not going out to the internet (I don't know how the ransom team are attacking). Whilst I can use Traffic Controller to prevent outgoing internet for the NAS but still consume from it locally (perfect), how can I make sure I'm protected outside -> in? I'm worried that having UPnP active might open a pipe for attack/workaround. I'm not sure if it even works like that... I've not got any Port Forward/Triggers rules configured for the NAS.

Thanks!

Netduma Fraser (Administrators) Posted February 5, 2022

It won't block inbound traffic specifically but it will block it getting to the specified device, if you see what I mean. Have you actually been attacked? The router has a built-in firewall already so that should protect you. Keep the NAT option in WAN Settings on secured and ensure you're on the latest update for security fixes, but other than that you should be fine.

scaryp (Author) Posted February 5, 2022

> 4 minutes ago, Netduma Fraser said:
> It won't block inbound traffic specifically but it will block it getting to the specified device, if you see what I mean. Have you actually been attacked? The router has a built-in firewall already so that should protect you. Keep the NAT option in WAN Settings on secured and ensure you're on the latest update for security fixes, but other than that you should be fine.

No, I've not been hacked. But I also didn't configure their 'cloud' login that allows remote access; I think that's a vector they've used to get at others and then encrypt their files. I've always disabled internet/remote access on it anyway. I just want the NAS isolated to my local network only and will apply firmware updates manually.

Thanks!

scaryp (Author) Posted February 5, 2022

I'm seeing the UPnP table populate with some torrent ports that are enabled on the NAS default downloader utility. I guess that's just the router fulfilling the UPnP request but will be rejected by the firewall (DPI engine?)?

Thank you

Netduma Fraser (Administrators) Posted February 5, 2022

> 12 minutes ago, scaryp said:
> I'm seeing the UPnP table populate with some torrent ports that are enabled on the NAS default downloader utility. I guess that's just the router fulfilling the UPnP request but will be rejected by the firewall (DPI engine?)? Thank you

How did you make the Traffic Controller rule exactly, all ports? If so, yes, it won't actually get used!

scaryp (Author) Posted February 5, 2022

> 1 minute ago, Netduma Fraser said:
> How did you make the Traffic Controller rule exactly, all ports? If so, yes, it won't actually get used!

Yes - all traffic, blocked, full schedule.

Netduma Fraser (Administrators) Posted February 5, 2022

> 59 minutes ago, scaryp said:
> Yes - all traffic, blocked, full schedule.

Okay great then you're protected as much as you can be!
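
The UPnP table check discussed in the thread, as an added example that is not part of any post: it parses a port-mapping listing and returns the entries that forward to one LAN device, so a mapping requested by the NAS is easy to spot. The listing is constructed in the style of miniupnpc's `upnpc -l` output (an assumed format), and the addresses, descriptions and function names are hypothetical.

```python
import re

# Constructed sample in the style of the mapping listing printed by
# miniupnpc's `upnpc -l` (assumed format; not output from the thread's router).
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  6881->192.168.77.20:6881  'NAS downloader' '' 0
 1 UDP  6881->192.168.77.20:6881  'NAS downloader' '' 0
 2 UDP  3074->192.168.77.31:3074  'Console' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
"""

# index, protocol, external port, "->", internal host:port, quoted description
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)


def parse_mappings(listing):
    """Return one dict per mapping row; header and status lines are skipped."""
    rows = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            rows.append({
                "proto": m["proto"],
                "external_port": int(m["ext"]),
                "internal_host": m["host"],
                "internal_port": int(m["int"]),
                "description": m["desc"],
            })
    return rows


def mappings_for_host(listing, host):
    """Mappings that forward an external port to the given LAN address."""
    return [r for r in parse_mappings(listing) if r["internal_host"] == host]


if __name__ == "__main__":
    NAS_IP = "192.168.77.20"  # hypothetical NAS address
    for r in mappings_for_host(SAMPLE_LISTING, NAS_IP):
        print(f"{r['proto']} {r['external_port']} -> "
              f"{NAS_IP}:{r['internal_port']} ({r['description']})")
```

An empty result for the NAS address means no UPnP mapping currently forwards to it; any row returned is a port the NAS asked the router to open.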