The firewall rules are divided into preset and custom. Kaspersky IoT Secure Gateway 1000 supports rules for the TCP and UDP protocols (only IPv4). Stateful Packet Inspection is enabled for these protocols. In addition, the Kaspersky IoT Secure Gateway 1000 firewall checks network traffic against the lists of blocked and allowed IP addresses.
Preset firewall rules
Preset rules are supplied as part of Kaspersky IoT Secure Gateway 1000 and ensure full operation of the Kaspersky IoT Secure Gateway 1000 firewall. These rules cannot be modified, and they are not displayed in Kaspersky Security Center 14.2 Web Console. Preset rules allow the following Kaspersky IoT Secure Gateway 1000 connection types:
Custom firewall rules
You can manually create custom firewall rules, and edit or delete rules of this type. Changes to the configuration of custom rules are applied to the system after Kaspersky IoT Secure Gateway 1000 and Kaspersky Security Center are synchronized. Custom firewall rules are checked in the order defined in Kaspersky Security Center 14.2 Web Console, from top to bottom. You can create up to 512 custom firewall rules. Creation, modification, and deletion of custom rules, as well as reaching the rule limit, are recorded in the event log.
Custom rules can also be received from third-party intrusion detection tools that Kaspersky IoT Secure Gateway 1000 integrates with via Kaspersky Security Center OpenAPI™.
Kaspersky IoT Secure Gateway 1000 cannot independently detect attacks that originate on an external network. This requires integration with third-party intrusion detection tools. Kaspersky IoT Secure Gateway 1000 and intrusion detection tools must be connected to the same instance of Kaspersky Security Center Administration Server.
When suspicious network activity or a possible intrusion from an external network is detected, the third-party intrusion detection system sends a rule to Kaspersky IoT Secure Gateway 1000 to block the source of the suspicious network activity. Kaspersky IoT Secure Gateway 1000 creates the rule in the firewall and blocks the source IP address according to that rule.
The created rule remains valid indefinitely. You can delete the rule manually if needed.
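The ordered evaluation of custom rules described above (top to bottom, up to 512 rules) and the IDS-supplied block rule that never expires can be modelled in a few lines. The following is an added example, not code from Kaspersky IoT Secure Gateway 1000 or from Kaspersky Security Center; it assumes first-match semantics (the page says rules are checked top to bottom but does not spell out that evaluation stops at the first hit), models an IDS block as one /32 block rule per protocol placed at the top of the table, and uses constructed sample rules with RFC 5737 and private addresses. It also adds a check the page does not mention: finding rules that can never fire because an earlier rule already covers them, which is the usual mistake when rule order matters.

```python
"""Ordered first-match evaluation of custom firewall rules (added example, not product code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Limit on custom rules taken from the product documentation.
MAX_CUSTOM_RULES = 512


class RuleLimitExceeded(Exception):
    """Raised when adding a rule beyond the limit (the gateway logs that event)."""


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    protocol: str                    # "tcp" or "udp"; only IPv4 is supported
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int] = None   # None means any destination port

    def matches(self, protocol: str, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (self.protocol == protocol
                and ipaddress.IPv4Address(src_ip) in self.src
                and ipaddress.IPv4Address(dst_ip) in self.dst
                and (self.dst_port is None or self.dst_port == dst_port))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        return (self.protocol == other.protocol
                and other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and (self.dst_port is None or self.dst_port == other.dst_port))


def rule(name: str, action: str, protocol: str, src: str, dst: str,
         dst_port: Optional[int] = None) -> Rule:
    """Convenience constructor taking CIDR strings (hypothetical helper)."""
    return Rule(name, action, protocol, ipaddress.IPv4Network(src),
                ipaddress.IPv4Network(dst), dst_port)


class CustomRuleTable:
    """Custom rules in Web Console order; first matching rule wins (assumption)."""

    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def add(self, r: Rule, position: Optional[int] = None) -> None:
        if len(self.rules) >= MAX_CUSTOM_RULES:
            raise RuleLimitExceeded(f"custom rule limit of {MAX_CUSTOM_RULES} reached")
        if position is None:
            self.rules.append(r)
        else:
            self.rules.insert(position, r)

    def remove(self, name: str) -> None:
        # IDS-created block rules never expire; removal is a manual step.
        self.rules = [r for r in self.rules if r.name != name]

    def block_source(self, src_ip: str) -> List[str]:
        """Model an IDS-supplied block: one /32 block rule per protocol, at the top (assumption)."""
        names = []
        for proto in ("tcp", "udp"):
            r = rule(f"ids-block-{src_ip}-{proto}", "block", proto, f"{src_ip}/32", "0.0.0.0/0")
            self.add(r, position=0)
            names.append(r.name)
        return names

    def evaluate(self, protocol: str, src_ip: str, dst_ip: str,
                 dst_port: int) -> Tuple[str, Optional[str]]:
        """Return (action, rule name) of the first matching rule, or ("no-match", None)."""
        for r in self.rules:
            if r.matches(protocol, src_ip, dst_ip, dst_port):
                return r.action, r.name
        return "no-match", None   # preset rules / default policy decide; not modelled here

    def shadowed_rules(self) -> List[Tuple[str, str]]:
        """(shadowed, by) pairs: rules that can never fire because an earlier rule covers them."""
        found = []
        for i, later in enumerate(self.rules):
            for earlier in self.rules[:i]:
                if earlier.covers(later):
                    found.append((later.name, earlier.name))
                    break
        return found


def limit_is_enforced() -> bool:
    """Fill a fresh table to the limit and confirm the next add is rejected."""
    table = CustomRuleTable()
    for i in range(MAX_CUSTOM_RULES):
        table.add(rule(f"r{i}", "allow", "tcp", "10.0.0.0/8", "10.0.1.0/24", i % 65535 + 1))
    try:
        table.add(rule("overflow", "allow", "udp", "10.0.0.0/8", "10.0.1.0/24", 53))
    except RuleLimitExceeded:
        return True
    return False


if __name__ == "__main__":
    t = CustomRuleTable()
    # Constructed sample: the operator meant to allow one host and block the rest of the subnet,
    # but put the broad block rule first, so the host-specific allow can never fire.
    t.add(rule("block-mqtt-subnet", "block", "tcp", "10.0.0.0/8", "10.0.1.0/24", 1883))
    t.add(rule("allow-mqtt-host", "allow", "tcp", "10.0.0.0/8", "10.0.1.10/32", 1883))
    print("shadowed:", t.shadowed_rules())
    print("lan -> mqtt host:", t.evaluate("tcp", "10.0.0.5", "10.0.1.10", 1883))
    print("ids block created:", t.block_source("198.51.100.23"))
    print("blocked source, udp/53:", t.evaluate("udp", "198.51.100.23", "10.0.1.1", 53))
    print("limit enforced:", limit_is_enforced())
```

Running the module prints the shadowed pair `("allow-mqtt-host", "block-mqtt-subnet")`, showing that the intended host exception is dead until it is moved above the subnet block; the IDS-style block then lands at the top of the table and takes precedence over everything below it, and stays there until `remove()` is called, matching the page's note that such rules remain valid indefinitely.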
You can view the table of custom firewall rules in Kaspersky Security Center 14.2 Web Console in the Network → Firewall section. The following information is displayed for each rule:
The following limitations apply to the custom firewall rules of Kaspersky IoT Secure Gateway 1000:
Service ports used by Kaspersky IoT Secure Gateway 1000
Service port | Purpose
---|---
53 | Used by the DNS service.
67 | Used by the DHCP service.
68 | Used by the DHCP service.
443 | Reserved for the built-in web server and is used by default to connect to the web interface of Kaspersky IoT Secure Gateway 1000.
514 | Reserved for the built-in client that sends event logs to the Syslog server (if used). You can configure the settings for sending events to the Syslog server.
1883 | Reserved for the built-in MQTT broker and is used for connecting over the internal network segment.
8883 | Reserved for the built-in MQTT broker and is used for synchronization with cloud services.
13294 | Used to connect to the Kaspersky Security Center Administration Server.
25014 | Reserved for creating and debugging applications and is available for management only in a special developer version of Kaspersky IoT Secure Gateway 1000. The developer version of Kaspersky IoT Secure Gateway 1000 is delivered with the Kaspersky IoT Secure Gateway 1000 SDK distribution kit. For details, see the Kaspersky IoT Secure Gateway 1000 SDK Help Guide.
Firewall rules and filtering rules are applied to TCP traffic only at the time a connection is established.