1

For example. If you're behind a VPN and want to get on on facebook and youtube. Will all outgoing traffic need to make a request to the firewall first?

I don't really know extensively how well a firewall would catch all of this and more specifically how traffic is routed on an internal network.

This is not so I can slack off at work or school, but rather so that I can get a better idea of how exactly these things work below the surface. On a high level I get that the VPN is a "point to point" connection, but if your only source was a school or company network isn't it pretty pointless whether youre behind a vpn or not because 1.) VPN rules/ports may not even be allowed on FW to begin with and

2.) VPN has to send and receive outgoing and incoming requests.

How are these rules different if youre checking your email behind HTTPS?

user1675391
  • 11
  • 1
  • Does the administrator have control of your PC too? – AlexH Mar 31 '15 at 09:24
  • [A related answer](http://security.stackexchange.com/questions/72679/differences-between-using-tor-browser-and-vpn/72729#72729) – RoraΖ Mar 31 '15 at 11:07
  • Firewalls are kind of pass or fail devices. No requests are being made to a firewall. Packets are sent out, if the packet fails to meet the rules for outgoing connections then the packet is dropped. Same goes for incoming packets. If a network is properly setup then all outgoing and incoming traffic should pass through the firewall. – RoraΖ Mar 31 '15 at 11:10
  • possible duplicate of [What can IT see and log?](http://security.stackexchange.com/questions/76182/what-can-it-see-and-log) – Xander Mar 31 '15 at 14:31

1 Answers1

0

A firewall is a device that sits between the Local Area Network (LAN) and Wide Area Network (WAN). I stole this picture from the Firewall wiki page.

enter image description here

Rules are setup on the firewall based on IP and port numbers. You can restrict subnets of IPs from using certain ports. Rules for both incoming and outgoing communication is generally necessary. There can also be deep packet inspection where the firewall goes deeper into the networking layers for a more fine grain filter. But this is all a firewall is, a filter. No requests to the firewall happen. Packets just get sent through, and some (normally most) will be blocked.

The thing about HTTPS is that the domain name is still visible to the firewall in a couple ways. DNS requests for the domain are visible. A firewall can block DNS requests to specific domains. The URL is also visible in certain SSL/TLS extensions, and the server certificate. A firewall could inspect this application data, and block based on the domain provided by the server's certificate.

  1. You're correct. Attempting to use a proxy or VPN might be blocked by the firewall if the rules are setup to block them.
  2. I'm not really sure what the question is here. But yes a VPN must be allowed by the firewall in both directions.

If you're using email protocols (IMAP, POP3, SMTP) then those rules must be allowed by the firewall. If you're checking Gmail, then again the domain can be blocked by the firewall.

Community
  • 1
RoraΖ
  • 12,317
  • 4
  • 51
  • 83