It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure Port Protocol Protection

  • Last updated on

Port Protocol Protection uses deep packet inspection to enforce the used protocol on a port. Port protocol detection can be configured with a positive or negative security model. The allow list policy allows only the selected protocols; the block list mode allows all protocols that are not selected.

Before You Begin

Create a service object. For more information, see Service Objects.

Step 1. Enable Port Protocol Protection

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > General Firewall Configuration.
  2. In the left menu, click Application Detection.
  3. From the Enable Protocol Detection list, select yes.
    port_protocol_protection_01.png
  4. Click Send Changes and Activate.

Step 2. Add Port Protocol Protection to a Service Object

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  2. In the left menu, click Services.
  3. Double-click the service object. The Edit/Create Service Object window opens.
  4. Double-click the service entry. The Service Entry Parameters window opens.
  5. From the Action for prohibited Protocols list, select the Port Protocol Protection policy:

    • No Protocol Protection – Disable Port Protocol Protection.

    • Report – Report prohibited protocols on the FIREWALL > Live and FIREWALL > History pages.

    • Reset – Sessions using unallowed protocols are terminated with a TCP RST. 

    • Drop – The session with the unallowed protocol is kept open, but the traffic is dropped.

  6. From the Detection Policy list, select Allow Listing or Block Listing.
  7. In the Allow Listed Protocol list, expand the menu items and double-click on every protocol you want to add to the Detection policy.
  8. Click OK
    port_protocol_protection_03.png
  9. Click OK.
  10. Click Send Changes and Activate.