What's New
Firewall Rule Analysis Improvements
Management Network Checks
- Management network Info checks (FW-MGMT-001/002/004) now detect internet blocking via firewall rules, not just the network config toggle
- New INTERNET_BLOCK_BYPASSED audit detects allow rules that circumvent internet restrictions on networks with internet disabled
- 5G/LTE modem registration rules can match by IP, MAC, network, or ANY source
- NTP access validation uses UDP port 123 (NTP uses IPs, not DNS names)
App-Based Firewall Rules
- Overlap detection now handles rules with AppIds and AppCategoryIds (DPI-based rules)
- Scope scoring correctly identifies APP rules as medium-broad and APP_CATEGORY as broad
- Shadowed rule detection ("Ineffective Allow Rule") works for app-based allow rules preceded by broad deny rules
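As an added illustration of the app-based overlap, scope-scoring and shadowed-rule checks listed above (example code written for this page, not the tool's own implementation): it models rules with an assumed src/dst/AppIds/AppCategoryIds shape, labels scope, and flags an allow rule that a broader preceding deny rule makes ineffective. The DPI ids, the app-to-category map and the rule set are constructed placeholders.

```python
from dataclasses import dataclass
ANY = "ANY"
# Constructed DPI app -> category map; ids are placeholders, not real DPI identifiers.
APP_TO_CATEGORY = {"app:video-1": "cat:streaming", "app:ssh": "cat:remote-access"}

@dataclass(frozen=True)
class Rule:  # assumed rule shape; a rule carries app_ids OR app_category_ids, not both
    name: str
    action: str                                  # "ALLOW" or "DENY"
    src: str = ANY                               # source network name, or ANY
    dst: str = ANY                               # destination network name, or ANY
    app_ids: frozenset = frozenset()             # AppIds: DPI application ids
    app_category_ids: frozenset = frozenset()    # AppCategoryIds: DPI category ids

def scope(rule):
    """APP rules score medium-broad, APP_CATEGORY broad; no DPI match = broadest (assumed)."""
    if rule.app_ids:
        return "MEDIUM_BROAD"
    return "BROAD" if rule.app_category_ids else "BROADEST"

def apps_covered(a, b):
    """True if every application matched by b is also matched by a."""
    if not a.app_ids and not a.app_category_ids:
        return True                               # a has no DPI filter: matches all apps
    if a.app_ids:                                 # app-level a covers only its own apps
        return bool(b.app_ids) and b.app_ids <= a.app_ids
    if b.app_category_ids:                        # category a vs category b
        return b.app_category_ids <= a.app_category_ids
    return bool(b.app_ids) and all(               # category a vs apps inside those categories
        APP_TO_CATEGORY.get(x) in a.app_category_ids for x in b.app_ids)

def covers(a, b):
    """Rule a matches every flow rule b matches: at least as broad in every dimension."""
    return a.src in (ANY, b.src) and a.dst in (ANY, b.dst) and apps_covered(a, b)

def ineffective_allow_rules(rules):
    """(allow rule, shadowing deny rule) pairs; rules are evaluated in list order."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "ALLOW":
            shadow = next((d for d in rules[:i] if d.action == "DENY" and covers(d, rule)), None)
            if shadow:
                findings.append((rule.name, shadow.name))
    return findings

# Constructed rule set: the first ALLOW is shadowed by the DENY above it, the others are not.
RULES = [
    Rule("Block streaming from IoT", "DENY", src="IoT", app_category_ids=frozenset({"cat:streaming"})),
    Rule("Allow video-1 from IoT", "ALLOW", src="IoT", app_ids=frozenset({"app:video-1"})),
    Rule("Allow SSH from IoT", "ALLOW", src="IoT", app_ids=frozenset({"app:ssh"})),
    Rule("Allow video-1 from Guest", "ALLOW", src="Guest", app_ids=frozenset({"app:video-1"})),
]
```

The SSH and Guest allow rules survive because the deny rule does not cover their app category or source network respectively.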
Bug Fixes
- 5G/LTE device detection checks all devices, not just those with port tables