How to detect clients connecting inbound to the network?

  • 1
  • Question
  • Updated 5 years ago
  • Answered
The Firewall Validation report focuses on clients connecting inbound to your network.

A sample of the report output is shown below and it shows the ports/services that the client connected to. You can get further information by clicking on the total column. The report uses the logic !10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 in the client field in the TCP Traffic Distribution report which means show all clients detected on the network that have an IP address not contained within 10.0.0.0/8 or 192.168.0.0/16 or 172.16.0.0/12.



Situations where you would use this report:Auditing outbound and inbound rules on the firewall. You can use the report to check for the most active clients connecting to external and internal resources and use this info to ‘strengthen’ the firewall rule set.
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 391 Posts
  • 8 Reply Likes

Posted 8 years ago

  • 1
Photo of Aisling Brennan

Aisling Brennan, Official Rep

  • 391 Posts
  • 8 Reply Likes
LANGuardian can differentiate between internal traffic and perimeter
traffic. It provides two reports that give a port-by-port breakdown of
perimeter traffic: 




IP :: Inbound Connections :: TCP



This report displays the ports being used by traffic going into
your network.





IP :: Outbound Connections :: TCP



This report displays the ports being used by traffic going out of
your network.





Using
these reports, you can see at a glance what ports are enabled on your
network and you can quickly take action to disable any ports that
should not be enabled.