Tuesday, March 17, 2020

Is it stupid to combine an inbound and outbound firewall rule into one rule?

I am working on a large firewall change on our Palo Alto 5060s and the customer indicated this traffic is initiated from both sides. The traffic will be sent to the same destination port regardless of who initiates the traffic. Is there any harm in basically combining the inbound and outbound rules into one rule? Basically the source zone would include both the trusted and untrusted zone, as would the destination zone. The source IP would include both the local IP on my side and the far end IP. Repeat for the destination IP.

Is there any harm in this? I've discussed it with my colleagues and the only argument against this I've heard so far is that it may be more difficult to troubleshoot/differentiate the inbound vs the outbound rule matching since they would both be in one rule.

Thanks in advance for any help.
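As an added illustration (not from the post or the poster), here is a small Python model of first-match rule evaluation, using constructed zone names, IPs and port, that enumerates which zone/IP combinations the merged rule permits but the two direction-specific rules would deny.

```python
from itertools import product

# Constructed sample values; they are assumptions, not taken from the post.
LOCAL_IP = "10.1.1.10"    # host on our side, lives behind the trust zone
FAR_IP = "203.0.113.25"   # customer's far-end host, reached via the untrust zone
PORT = 5000               # the single destination port used in both directions
ZONES = ("trust", "untrust")
FIELDS = ("src_zone", "dst_zone", "src_ip", "dst_ip", "dst_port")

def rule(src_zone, dst_zone, src_ip, dst_ip, dst_port=PORT):
    """Each field is an any-of set; a rule matches only when every field matches."""
    return dict(zip(FIELDS, (set(src_zone), set(dst_zone), set(src_ip), set(dst_ip), {dst_port})))

def matches(r, flow):
    return all(flow[f] in r[f] for f in FIELDS)

def allowed(policy, flow):
    """First match wins; no match falls through to the default deny."""
    return any(matches(r, flow) for r in policy)

# Two direction-specific rules, each pinning a zone pair to an IP pair.
SPLIT_POLICY = [
    rule(["trust"], ["untrust"], [LOCAL_IP], [FAR_IP]),
    rule(["untrust"], ["trust"], [FAR_IP], [LOCAL_IP]),
]
# One merged rule with both zones and both IPs in both fields, as the post proposes.
COMBINED_POLICY = [rule(ZONES, ZONES, [LOCAL_IP, FAR_IP], [LOCAL_IP, FAR_IP])]

def intended_flows():
    """The two flows the customer actually described: one initiated from each side."""
    return [
        dict(zip(FIELDS, ("trust", "untrust", LOCAL_IP, FAR_IP, PORT))),
        dict(zip(FIELDS, ("untrust", "trust", FAR_IP, LOCAL_IP, PORT))),
    ]

def extra_flows(combined=COMBINED_POLICY, split=SPLIT_POLICY):
    """Every zone/IP combination on the port that the merged rule permits but the split pair denies."""
    extra = []
    for sz, dz, sip, dip in product(ZONES, ZONES, (LOCAL_IP, FAR_IP), (LOCAL_IP, FAR_IP)):
        flow = dict(zip(FIELDS, (sz, dz, sip, dip, PORT)))
        if allowed(combined, flow) and not allowed(split, flow):
            extra.append(flow)
    return extra

if __name__ == "__main__":
    for f in extra_flows():
        print(f"{f['src_zone']:>7} -> {f['dst_zone']:<7} {f['src_ip']} -> {f['dst_ip']}")
```

Because each field of a rule is an independent any-of list, merging both directions turns the two intended flows into the full zone/IP Cartesian product, including a flow where the far-end address arrives on the trust-zone interface.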
