Hi,
There is an ISG firewall with integrated IDP.
I got this crazy requirement from customer.
There is RADIUS traffic (UDP) allowed from Server A to Server B via a policy in the firewall.
When Server A sends packets to Server B, there will be return packets for the traffic in the same session from Server B to Server A. They want this return traffic to be blocked.
- My understanding is that this is not possible, as the firewall is a stateful device.
- This might be possible on a router (stateless) with firewall filters (Junos) or ACLs (Cisco).
Does anyone think that I can block this with an integrated IDP?
Will the IDP behave in a stateful manner or will it make decisions based on flow?
I could set up rules in the IDP like:
1. Source: Server-A, Source port: Radius, Destination: Server-B, Destination port: any, Action: Permit
2. Source: Server-B, Source port: Radius, Destination: Server-A, Destination port: any, Action: Deny
Regards,
Haze
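To make the stateful-versus-stateless distinction in the post concrete, here is an added Python model of the two device types (example code written for this thread, not from the original post and not the behaviour of any Juniper or Cisco product). It assumes constructed addresses 10.0.0.1 for Server A and 10.0.0.2 for Server B, and that a RADIUS Access-Request travels from an ephemeral client port to UDP 1812 on the server, so the reply carries source port 1812. The same two packets are pushed through a session-table firewall and through a first-match stateless filter; the stateful device admits the reply by session lookup without ever consulting policy, while the stateless filter can discard it with an explicit deny term.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

RADIUS_AUTH_PORT = 1812          # RADIUS authentication (UDP)
SERVER_A = "10.0.0.1"            # constructed address: Server A (RADIUS client)
SERVER_B = "10.0.0.2"            # constructed address: Server B (RADIUS server)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """A 5-tuple match; a field left as None is a wildcard ('any')."""
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    action: str = "permit"

    def matches(self, p: Packet) -> bool:
        checks = (
            (self.src, p.src), (self.dst, p.dst), (self.proto, p.proto),
            (self.sport, p.sport), (self.dport, p.dport),
        )
        return all(want is None or want == have for want, have in checks)


class StatelessFilter:
    """First-match rule list; every packet is judged on its own header only,
    the way a router firewall filter or ACL evaluates each packet."""

    def __init__(self, rules: Iterable[Rule], default: str = "deny") -> None:
        self.rules = list(rules)
        self.default = default

    def evaluate(self, p: Packet) -> Tuple[str, str]:
        for i, r in enumerate(self.rules, 1):
            if r.matches(p):
                return r.action, f"rule {i}"
        return self.default, "default"


class StatefulFirewall:
    """Policy is consulted only for the first packet of a flow; a permitted
    flow installs a session entry that also matches the reverse direction."""

    def __init__(self, rules: Iterable[Rule], default: str = "deny") -> None:
        self.policy = StatelessFilter(rules, default)
        self.sessions = set()

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def evaluate(self, p: Packet) -> Tuple[str, str]:
        # Session lookup runs before policy: the reply hits the reverse key of
        # the session the request created, so no policy rule can deny it.
        if self._key(p) in self.sessions or self._reverse_key(p) in self.sessions:
            return "permit", "session"
        action, why = self.policy.evaluate(p)
        if action == "permit":
            self.sessions.add(self._key(p))
        return action, why


# Constructed packets: Access-Request from an ephemeral client port to
# UDP 1812 on the server, and the server's reply back to that client port.
REQUEST = Packet(SERVER_A, SERVER_B, "udp", 49152, RADIUS_AUTH_PORT)
REPLY = Packet(SERVER_B, SERVER_A, "udp", RADIUS_AUTH_PORT, 49152)

# The firewall policy described in the post: RADIUS from A to B is permitted.
POLICY = [Rule(src=SERVER_A, dst=SERVER_B, proto="udp", dport=RADIUS_AUTH_PORT)]

# Stateless filter: permit the request, explicitly discard the reply.
STATELESS_RULES = POLICY + [
    Rule(src=SERVER_B, dst=SERVER_A, proto="udp", sport=RADIUS_AUTH_PORT, action="deny"),
]


def run_demo() -> dict:
    """Push the same two packets through both devices and collect the verdicts."""
    fw = StatefulFirewall(POLICY)
    acl = StatelessFilter(STATELESS_RULES)
    return {
        "stateful_request": fw.evaluate(REQUEST),
        "stateful_reply": fw.evaluate(REPLY),
        "stateless_request": acl.evaluate(REQUEST),
        "stateless_reply": acl.evaluate(REPLY),
    }


if __name__ == "__main__":
    for name, (action, why) in run_demo().items():
        print(f"{name:18s} -> {action} ({why})")
```

Running it prints the request permitted on both devices, the reply permitted by "session" on the stateful model, and the reply denied by "rule 2" on the stateless model. Note that the stateless deny term keys on source port 1812 for the reply, because that is the port the server answers from; a term keyed on source port 1812 from Server A would not match the original request at all.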