Outbound NAT security implications

Started by firemywall, July 09, 2023, 11:08:11 PM

My kids have a few Nintendo Switches. To play online I need to implement UPnP or outbound NAT rules for connectivity.

I previously had the Nintendos on their own VLAN with UPnP, which worked fine, but I hated the hole in my firewall.

I found today that if I enable hybrid outbound NAT rules and create an outbound rule for the Nintendos with "static port" checked, I get the same quality of connectivity for online gameplay (NAT type B) as with UPnP.

My question:
I'm assuming outbound NAT with static ports is much safer than UPnP. What are the security implications of these outbound NAT rules? Are there any? Would I be safe to have these rules not on a locked-down VLAN? I've done some searching and I believe this would not open up any security holes like UPnP would, but I'm looking for advice.

Thanks

The threat model for an outbound policy that is too relaxed is a rogue device that phones home and creates a tunnel for unauthorised access.

No external source can exploit it directly. If you are reasonably sure about internal devices, UPnP is an acceptable risk.

Bart...
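To make the difference between the two posts concrete (static-port outbound NAT versus a UPnP port mapping), here is an added toy model written for this thread; it is not code from the forum, from OPNsense or from pf, and the IP addresses and ports are constructed. It shows why the static-port rule still drops unsolicited inbound traffic while a UPnP forward accepts it from any source.

```python
# Added illustration, not from the thread: a simplified stateful NAT model.
from dataclasses import dataclass, field


@dataclass
class Firewall:
    static_port: bool = True                       # "static port" checked on the outbound rule
    states: set = field(default_factory=set)       # flows the console opened outbound
    mappings: dict = field(default_factory=dict)   # (int_ip, int_port) -> external port
    upnp: dict = field(default_factory=dict)       # external port -> (int_ip, int_port)
    next_port: int = 40000                         # used only when the port is rewritten

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Console sends a packet out: record the flow, return the external port."""
        key = (int_ip, int_port)
        if key not in self.mappings:
            if self.static_port:
                self.mappings[key] = int_port        # keep the source port (NAT type B works)
            else:
                self.mappings[key] = self.next_port  # rewrite it; peers see a different port
                self.next_port += 1
        self.states.add((int_ip, int_port, remote_ip, remote_port))
        return self.mappings[key]

    def add_upnp_forward(self, ext_port, int_ip, int_port):
        """What a UPnP IGD request does: an inbound mapping with no outbound state needed."""
        self.upnp[ext_port] = (int_ip, int_port)

    def inbound(self, remote_ip, remote_port, ext_port):
        """Packet arrives from the Internet: return the internal target, or None if dropped."""
        if ext_port in self.upnp:                    # UPnP: any remote source is accepted
            return self.upnp[ext_port]
        for (int_ip, int_port), mapped in self.mappings.items():
            # Outbound NAT: only a reply to a flow this host already opened gets through.
            # Console-to-console play still works because both sides send outbound first.
            if mapped == ext_port and (int_ip, int_port, remote_ip, remote_port) in self.states:
                return (int_ip, int_port)
        return None


def demo():
    fw = Firewall(static_port=True)
    ext = fw.outbound("192.168.50.20", 45000, "198.51.100.5", 30000)  # console -> game server
    reply = fw.inbound("198.51.100.5", 30000, ext)      # server answers: allowed
    stranger = fw.inbound("198.51.100.99", 1234, ext)   # unsolicited host: dropped
    fw.add_upnp_forward(45000, "192.168.50.20", 45000)  # the "hole" UPnP would open
    after_upnp = fw.inbound("198.51.100.99", 1234, 45000)  # same host now reaches the console
    return ext, reply, stranger, after_upnp
```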