How To Guide

How to Implement Firewall Rules for Office Security

Firewall rules control what traffic enters and leaves your network, and what can pass between its internal segments. Properly configured rules are your first line of defence against external threats and the main brake on an intruder moving sideways once inside.

Overview

The principle of least privilege applies to firewalls: deny everything by default, then create specific rules to allow only necessary traffic. Rules are processed top-to-bottom, and the first matching rule wins.

Step 1: Firewall Rule Fundamentals

Understand how firewall rules work before making changes.

1. Rule Structure

  • Every rule has five components: Source, Destination, Port/Service, Protocol, Action (most firewalls also tie a rule to an interface or direction)
  • Action is either Allow (permit traffic) or Deny (block traffic)
  • Rules are evaluated in order: first match wins, remaining rules are skipped
  • Most firewalls drop anything that matches no rule at all (implicit deny); still add an explicit DENY ALL as the last rule so those drops are logged and visible
  • More specific rules must be placed above more general rules; a general rule placed first "shadows" the specific one, which then never fires
  • Example: Allow 10.10.1.0/24 → Any on TCP 80,443 = let the corporate network browse the web

2. Inbound Rules (WAN to LAN)

  • Block ALL unsolicited inbound traffic by default
  • Only allow inbound traffic for specific published services
  • If hosting a web server: Allow Any → Server_IP on TCP 80,443
  • If using VPN: Allow Any → Firewall_IP on UDP 1194 (OpenVPN) or UDP 51820 (WireGuard)
  • If hosting email: Allow Any → Mail_IP on TCP 25 (mail delivery between servers); TCP 465/587 (submission) and 993 (IMAPS) are only for remote clients, and are better placed behind the VPN
  • Never expose RDP (3389), SMB (445), or database ports (for example 1433, 3306, 5432) to the internet
Warning:

Exposing RDP to the internet is one of the most common initial access routes for ransomware. Put it behind the VPN, with multi-factor authentication on the VPN, rather than forwarding 3389.

3. Outbound Rules (LAN to WAN)

  • Allow HTTP/HTTPS (TCP 80, 443) for web browsing
  • Allow DNS (UDP/TCP 53) only from your internal resolvers to their upstream servers, and from clients only to those resolvers, never to 'any' (DNS over HTTPS on TCP 443 bypasses this unless you disable it in browser policy)
  • Allow SMTP (TCP 25) only from your mail server; workstations need only TCP 465/587 and 993, and only to your mail provider's IPs
  • Allow NTP (UDP 123) for time synchronisation, ideally from one internal time server that the rest of the office syncs to
  • Allow VPN traffic to your cloud VPN endpoint
  • Block all other outbound traffic and log the denies: this removes most of the channels malware uses to phone home, but command-and-control over TCP 443 still passes, so pair it with DNS and application-layer filtering

4. Inter-VLAN Rules

  • Define rules between your network segments
  • Allow corporate VLAN → server VLAN on specific service ports only
  • Block guest VLAN → all internal VLANs entirely (guests get the internet, plus DNS if your resolver serves them)
  • Allow IoT VLAN → internet only (not internal resources)
  • Block all inter-VLAN traffic unless explicitly allowed, and place the isolation denies above any broad allow so they cannot be shadowed
  • Review inter-VLAN rules quarterly for unnecessary access
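
The rule engine below is an added example, not tooling from this guide. It models the first-match evaluation described in Rule Structure, expresses the inbound, outbound and inter-VLAN policy from the four sub-steps above as one ordered table, and includes a shadowed-rule check that flags the "specific below general" ordering mistake. The segment addresses (10.10.x.0/24), the rule names and the blocklisted range 198.51.100.0/24 are assumptions chosen for illustration; the model ignores interfaces and connection state, which a real firewall also uses.

```python
"""First-match firewall evaluation for an office policy (Step 1 of the guide).

Added example, not the guide's own tooling. Segment addresses, rule names and
the blocklisted range are hypothetical values chosen for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Assumed office addressing (hypothetical).
CORP, SERVERS, GUEST, IOT = "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24", "10.10.4.0/24"
INTERNAL = "10.10.0.0/16"        # every office VLAN lives inside this
WEB_SERVER = "10.10.2.10/32"     # the one published service
DNS_SERVER = "10.10.2.53/32"     # the only resolver clients may talk to
BAD_RANGE = "198.51.100.0/24"    # placeholder for a blocklisted range


@dataclass(frozen=True)
class Rule:
    name: str
    src: str          # CIDR or "any"
    dst: str          # CIDR or "any"
    proto: str        # "tcp", "udp" or "any"
    ports: frozenset  # destination ports; empty means any port
    action: str       # "allow" or "deny"


def _in(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def _covers(outer: str, inner: str) -> bool:
    """True when every address matching `inner` also matches `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def matches(rule: Rule, src: str, dst: str, proto: str, port: int) -> bool:
    return (_in(rule.src, src) and _in(rule.dst, dst)
            and rule.proto in ("any", proto)
            and (not rule.ports or port in rule.ports))


def evaluate(rules: List[Rule], src: str, dst: str, proto: str, port: int) -> Tuple[str, str]:
    """Walk the table top to bottom; the first matching rule decides.
    A packet that matches nothing falls to the implicit deny."""
    for rule in rules:
        if matches(rule, src, dst, proto, port):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Rules that can never fire because an earlier rule already matches every
    packet they could match: the 'specific placed below general' mistake."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (_covers(earlier.src, later.src) and _covers(earlier.dst, later.dst)
                    and earlier.proto in ("any", later.proto)
                    and (not earlier.ports or (later.ports and later.ports <= earlier.ports))):
                found.append((later.name, earlier.name))
                break
    return found


def move_to_top(rules: List[Rule], name: str) -> List[Rule]:
    return [r for r in rules if r.name == name] + [r for r in rules if r.name != name]


OFFICE_RULES = [
    # Specific allow first: every VLAN may query the internal resolver.
    Rule("client-dns", INTERNAL, DNS_SERVER, "udp", frozenset({53}), "allow"),
    # Inter-VLAN isolation above everything else so no later allow can undo it.
    Rule("guest-isolate", GUEST, INTERNAL, "any", frozenset(), "deny"),
    Rule("iot-isolate", IOT, INTERNAL, "any", frozenset(), "deny"),
    # Inbound (WAN to LAN): only the published web server is reachable.
    Rule("pub-web", "any", WEB_SERVER, "tcp", frozenset({80, 443}), "allow"),
    # Corporate reaches servers only on named services.
    Rule("corp-to-servers", CORP, SERVERS, "tcp", frozenset({443, 445}), "allow"),
    # Anything else aimed at an internal address is denied here, so the
    # outbound allows below can only ever reach the internet.
    Rule("internal-default-deny", "any", INTERNAL, "any", frozenset(), "deny"),
    # Outbound (LAN to WAN): web and NTP for everyone, DNS only from the resolver.
    Rule("out-web", "any", "any", "tcp", frozenset({80, 443}), "allow"),
    Rule("out-ntp", "any", "any", "udp", frozenset({123}), "allow"),
    Rule("resolver-upstream", DNS_SERVER, "any", "any", frozenset({53}), "allow"),
    # Misplaced on purpose: a specific deny below a general allow never fires.
    Rule("block-bad-range", CORP, BAD_RANGE, "tcp", frozenset({443}), "deny"),
    # Explicit deny-all at the bottom so the drops are logged.
    Rule("deny-all", "any", "any", "any", frozenset(), "deny"),
]
FIXED_RULES = move_to_top(OFFICE_RULES, "block-bad-range")

if __name__ == "__main__":
    for pkt in [("203.0.113.5", "10.10.2.20", "tcp", 3389), ("10.10.1.20", "8.8.8.8", "udp", 53)]:
        print(pkt, "->", evaluate(OFFICE_RULES, *pkt))
    print("shadowed:", shadowed_rules(OFFICE_RULES), "after fix:", shadowed_rules(FIXED_RULES))
```

Run as written, the shadow check reports block-bad-range as unreachable behind out-web; moving that deny above the general allow (FIXED_RULES) makes it fire. The same check is a cheap addition to the quarterly rule review in Step 3, alongside the per-rule hit counters most firewalls expose.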

Step 2: Advanced Configuration

Enhance your firewall with additional security layers.

1. Intrusion Prevention

  • Enable IDS/IPS on your firewall if supported, and tune the signatures: an IPS that blocks on every alert will break legitimate traffic and get switched off
  • Subscribe to threat intelligence feeds for automatic IP blocking
  • Enable geo-blocking for countries you don't do business with; it is a coarse filter that cuts background noise, not a defence against a targeted attacker, who will simply come from an allowed country
  • Block known malicious IP ranges and Tor exit nodes
  • Set up rate limiting on exposed services to slow brute-force attempts and scanning; it will not stop a volumetric DDoS that fills your internet link, which needs provider-side or upstream mitigation
  • Configure application-layer filtering if your firewall supports it

2. NAT and Port Forwarding

  • NAT hides internal addressing from the internet, but it is not a filter: inbound traffic is still decided by the rules, so keep the default deny even behind NAT
  • Only create port forwarding rules for essential services, and restrict the source where you can (a partner's fixed IP rather than 'any')
  • Document every port forward: purpose, internal IP, ports, requester
  • Review port forwards quarterly and remove unused ones
  • Consider using a reverse proxy instead of direct port forwarding for web services, so only the proxy is exposed and it can terminate TLS and filter requests before they reach the application
  • Never forward 'all ports' (often labelled a "DMZ host" setting) to an internal device

3. VPN Configuration

  • Configure site-to-site VPN for branch office connections
  • Set up remote access VPN for employees working from home
  • Use strong encryption: for IPsec and OpenVPN, AES-256-GCM (or AES-256-CBC with SHA-256 integrity) and a 2048-bit or larger DH group, with legacy options such as 3DES and MD5 disabled; WireGuard has a fixed modern cipher suite and needs no tuning
  • Require multi-factor authentication for VPN connections
  • Assign VPN users to a dedicated subnet with limited access, and treat that subnet like any other VLAN in the inter-VLAN rules
  • Log all VPN connections including username, source IP and connect/disconnect times

Step 3: Logging and Monitoring

Track what your firewall is doing.

1. Configure Logging

  • Enable logging for ALL denied traffic (detects scanning and attacks)
  • Log allowed traffic to sensitive servers (audit trail)
  • Log admin access to the firewall itself, both successful and failed logins
  • Send logs to a central syslog server (don't rely on firewall local storage: it is small, and it is the first thing an intruder clears)
  • Set log retention to at least 90 days, and a year or more where a compliance regime you are subject to requires it
  • Include timestamp, source/dest IP, port, protocol, action and the ID of the rule that matched in every log line, and keep the firewall clock on NTP so timestamps line up with other systems

2. Review and Alerting

  • Review firewall logs weekly at minimum
  • Set up real-time alerts for: repeated blocks from the same source, admin login failures, rule changes
  • Monitor for port scanning patterns (one source hitting many distinct ports in a short window; scanners often randomise the port order, so don't rely on seeing sequential ports)
  • Track top blocked sources and destinations
  • Generate monthly firewall reports for management
  • Use log analysis tools like Graylog or the ELK Stack for pattern detection
Pro Tip:

Schedule a 30-minute weekly firewall log review. Reconnaissance such as port scans and login attempts often shows up in the denied-traffic logs days before a successful intrusion.
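
As an added example (not from this guide), the script below runs three of the alert conditions listed under Review and Alerting over a handful of constructed syslog lines: repeated denies from one source, a port scan (many distinct destination ports from one source inside a 60-second window, regardless of order) and repeated admin login failures on the firewall. The log format is an iptables/nftables-style kernel log line with a [DENY-IN] or [ALLOW-SRV] log prefix, plus OpenSSH's "Failed password" messages; the format, hosts and addresses are assumptions, so adapt the regexes to your firewall's own log format.

```python
"""Weekly firewall log review: alert conditions from Step 3 over sample lines.

Added example, not the guide's tooling. The log format, host names and
addresses are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Kernel-style firewall line; the [TAG] is the rule's configured log prefix.
FW_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ kernel: \[(?P<tag>[A-Z-]+)\] "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=\d+ DPT=(?P<dport>\d+))?")
# OpenSSH authentication line for admin access to the firewall itself.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")


@dataclass
class FwEvent:
    ts: datetime
    src: str
    dst: str
    proto: str
    dport: Optional[int]   # None for protocols without ports (ICMP)
    action: str            # "deny" or "allow"


@dataclass
class AuthEvent:
    ts: datetime
    src: str
    user: str
    failed: bool


def _ts(text: str) -> datetime:
    return datetime.strptime(text, "%b %d %H:%M:%S")   # syslog carries no year


def parse(lines: List[str]) -> Tuple[List[FwEvent], List[AuthEvent]]:
    fw, auth = [], []
    for line in lines:
        m = FW_RE.match(line)
        if m:
            fw.append(FwEvent(_ts(m["ts"]), m["src"], m["dst"], m["proto"],
                              int(m["dport"]) if m["dport"] else None,
                              "deny" if m["tag"].startswith("DENY") else "allow"))
            continue
        m = AUTH_RE.match(line)
        if m:
            auth.append(AuthEvent(_ts(m["ts"]), m["src"], m["user"], m["result"] == "Failed"))
    return fw, auth


def repeated_blocks(fw: List[FwEvent], threshold: int = 5) -> Dict[str, int]:
    """Sources denied at least `threshold` times."""
    counts = Counter(e.src for e in fw if e.action == "deny")
    return {src: n for src, n in counts.items() if n >= threshold}


def port_scans(fw: List[FwEvent], min_ports: int = 8, window_s: int = 60) -> Dict[str, int]:
    """Sources that hit `min_ports` distinct destination ports inside one
    sliding window. Port order is ignored, so randomised scans are caught too."""
    by_src = defaultdict(list)
    for e in fw:
        if e.action == "deny" and e.dport is not None:
            by_src[e.src].append(e)
    hits: Dict[str, int] = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        lo = 0
        for hi, e in enumerate(evs):
            while e.ts - evs[lo].ts > timedelta(seconds=window_s):
                lo += 1
            distinct = {x.dport for x in evs[lo:hi + 1]}
            if len(distinct) >= min_ports:
                hits[src] = max(hits.get(src, 0), len(distinct))
    return hits


def admin_login_failures(auth: List[AuthEvent], threshold: int = 3) -> Dict[str, int]:
    counts = Counter(e.src for e in auth if e.failed)
    return {src: n for src, n in counts.items() if n >= threshold}


def analyse(lines: List[str]) -> Dict[str, Dict[str, int]]:
    fw, auth = parse(lines)
    return {"repeated_blocks": repeated_blocks(fw),
            "port_scans": port_scans(fw),
            "admin_login_failures": admin_login_failures(auth)}


SAMPLE_LOG = [  # constructed lines, not real traffic
    # One source walking twelve ports in twelve seconds.
    *(f"Mar 13 10:15:{i:02d} fw kernel: [DENY-IN] IN=eth0 OUT= SRC=203.0.113.9 "
      f"DST=198.51.100.20 PROTO=TCP SPT={40000 + i} DPT={p}"
      for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 1433, 3389])),
    # Repeated RDP attempts from another host: blocked, but not a scan.
    *(f"Mar 13 10:2{i}:00 fw kernel: [DENY-IN] IN=eth0 OUT= SRC=198.51.100.77 "
      f"DST=198.51.100.20 PROTO=TCP SPT=51000 DPT=3389" for i in range(5)),
    # Allowed traffic to a sensitive server (audit trail, never an alert).
    "Mar 13 10:30:05 fw kernel: [ALLOW-SRV] IN=vlan10 OUT=vlan20 SRC=10.10.1.20 "
    "DST=10.10.2.10 PROTO=TCP SPT=49152 DPT=443",
    # Admin SSH to the firewall: three failures from the scanner, one success from the LAN.
    "Mar 13 10:31:01 fw sshd[1204]: Failed password for admin from 203.0.113.9 port 50022 ssh2",
    "Mar 13 10:31:04 fw sshd[1204]: Failed password for admin from 203.0.113.9 port 50023 ssh2",
    "Mar 13 10:31:09 fw sshd[1204]: Failed password for admin from 203.0.113.9 port 50024 ssh2",
    "Mar 13 10:32:00 fw sshd[1210]: Accepted password for admin from 10.10.1.5 port 50100 ssh2",
]

if __name__ == "__main__":
    for kind, hits in analyse(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```

The thresholds (5 denies, 8 ports in 60 seconds, 3 failed logins) are starting points; tune them against a week of your own denied-traffic volume so the weekly review surfaces the scanner and the brute-forcer rather than every stray probe.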

3. Rule Maintenance

  • Review all firewall rules quarterly
  • Remove rules that are no longer needed: most firewalls show a hit count per rule, so a rule with no hits since the last review is a candidate, and a rule shadowed by an earlier, broader one can never hit at all
  • Document the purpose of every rule with comments
  • Track who requested each rule and when
  • Test rule changes in a maintenance window, with a saved copy of the previous configuration so you can roll back
  • Keep a changelog of all firewall modifications

Need Professional Help?

Our engineers provide expert assistance with setup, troubleshooting, and ongoing support for businesses and individuals across Cornwall.