About firewall rules
Firewall rules are divided into preset firewall rules and custom firewall rules.
Preset firewall rules are used to ensure full-fledged operation of Kaspersky IoT Secure Gateway. You cannot edit these rules, and they are not displayed in the Kaspersky IoT Secure Gateway web plug-in.
If necessary, you can create additional rules. These rules are called custom firewall rules. You can also change or delete rules of this type. Custom firewall rules are checked in the order defined in the Kaspersky Security Center Web Console, from top to bottom. You can create up to 1,000 custom firewall rules.
Kaspersky IoT Secure Gateway supports rules for the following protocols:
- TCP.
- UDP (only IPv4)
Stateful packet inspection (SPI) is enabled for all these protocols .
Preset rules allow the following Kaspersky IoT Secure Gateway connections:
- Outgoing connections to the Kaspersky Security Center Web Console server over the TCP protocol
- Outgoing connections to the update server over the TCP, UDP, and TCP/TLS protocols
- Incoming connections to the local web server over the HTTPS protocol
- Outgoing connection to the Syslog server over the TCP, UDP protocols
- Outgoing and incoming connections with mqtt data sources over the TCP protocol
- Outgoing and incoming connections with external and internal DNS servers over the UDP protocol