Jump to content

Traffic Controller feature - applies to LAN or LAN and WAN?


Recommended Posts

Do the rules within Traffic Controller apply to LAN as well as WAN/Internet? I'm sorry, its not clear to me.

Example - block all traffic, 'always' schedule to a single device.

1) Does this mean that the device can't access anything internet/WAN bound or would it apply internet/WAN + LAN (other devices on my network)?

2) Would the same rule also mean that the same device also can't be communicated with (its now the destination)?

Thanks very much.

 

 

Link to comment
Share on other sites

2 minutes ago, Netduma Fraser said:

If you're always blocking traffic to a specific device it will not be able to connect to anything over the internet - I don't believe it blocks locally as it blocks based on ports or using our DPI engine.

Thank you Fraser. I've recently got home and tested it. Confirmed, internet only. I guess that the same ruleset has no impact to inbound traffic from the internet?

My situation is that I have a NAS that's potentially exposed to big wave of ransomware attacks. I want UPnP disabled so I know its not going out the internet (I dont know how the ransom team are attacking). Whilst I can use Traffic Controller to prevent outgoing internet for the NAS but still consume from it locally (perfect), how can I make sure I'm protected outside -> in? I'm worried that having UPnP active might open a pipe for attack/workaround. I'm not sure if it even works like that... I've not got any Port Forward/Triggers rules configured for the NAS. Thanks!

Link to comment
Share on other sites

  • Administrators

It won't block inbound traffic specifically but it will block it getting to the specified device if you see what I mean. Have you actually been attacked? 

The router has a built in firewall already so that should protect you, keep the NAT option in WAN Settings on secured, ensure you're on the latest update for security fixes but other than that you should be fine. 

Link to comment
Share on other sites

4 minutes ago, Netduma Fraser said:

It won't block inbound traffic specifically but it will block it getting to the specified device if you see what I mean. Have you actually been attacked? 

The router has a built in firewall already so that should protect you, keep the NAT option in WAN Settings on secured, ensure you're on the latest update for security fixes but other than that you should be fine. 

No, I've not been hacked. But I also didn't configure their 'cloud' login that allows remote access, I think thats a vector they've used to get at others and then encrypt their files. I've always disabled internet/remote access on it anyway. I just want the NAS isolated to my local network only and will apply firmware updates manually. Thanks!

Link to comment
Share on other sites

I'm seeing the UPnP table populate with some torrent ports that's enabled on the NAS default downloader utility. I guess that's just the router fulfilling the UPnP request but will be rejected by the firewall (DPI engine?)? Thank you

Link to comment
Share on other sites

  • Administrators
12 minutes ago, scaryp said:

I'm seeing the UPnP table populate with some torrent ports that's enabled on the NAS default downloader utility. I guess that's just the router fulfilling the UPnP request but will be rejected by the firewall (DPI engine?)? Thank you

How did you make the Traffic Controller rule exactly, all ports? If so yes it won't actually get used!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...