StoneBlog.stonesoft.com

In many environments Network Address Translation (NAT) seems to be very extensively used. That has resulted in hundreds or even thousands of NAT rules in Firewall Policies. To help managing all these NAT rules, we have now introduce two nice features that you may have already used in Access Rules side.

Continue reading »

written by teroja - 275 views \\ tags: counters, firewall, Links, NAT, NAT rule, Policy, rule, rule tags, Shortcuts, SMC

The limits are valid per Source or Destination address. So if there are multiple Source or Destination addresses used in the policy, the limit applies to all of them separately. As you can see from the snapshot above, you can limit the connections by source and destination simultaneously.

written by teroja - 217 views \\ tags: Connection limiting, Connections, firewall, Limit, Policy, rules, SMC

In StoneGate Management Center 5.2 the VPN troubleshooting tools have improved significantly. There are a lot of new drill-in actions available in System Status view. You can for example right-click any VPN tunnel in the VPN diagrams and drill-in to logs that flow through the selected tunnel. You can also right-click individual Gateways or Endpoints (from the Info panel) and drill-in to the related logs.

written by teroja - 278 views \\ tags: Drill-in, firewall, logs, Shortcuts, SMC, troubleshooting, VPN, VPN diagrams

StoneGate Firewall 5.2 supports now multicast routing through IGMP proxy. This new configuration option enables the most useful method to support “dynamic” multicast routing (defined in RFC 4605). Multicast Routing is now configured from the dialog that can be launced from the Interfaces tab in Firewall properties. Please note that IGMP proxy and Static Multicast Routing can not be used simultaneously.

written by teroja - 296 views \\ tags: firewall, IGMP Proxy, Multicast Routing, SMC

Connection and Blacklist monitoring have been refactored in StoneGate 5.2. At the same time when making these functions more reliable, improved the communication protocol between the SMC and engines and increased the connection table update interval, we have introduced a couple of nice features for these two views. Read more information below about how Connection and Blacklist Monitoring have been improved.

Continue reading »

written by teroja - 334 views \\ tags: Aggregation, Blacklist Monitoring, Connection Monitoring, firewall, IPS, Monitoring, SMC, Snapshots, statistics

During the last two years we have received feedback from Gartner as well as some customers that StoneGate IPS is surely efficient but it is a bit difficult to configure inspection rules for the device. The other feedback we have noticed in customer interviews is that administrators are not aware of all StoneGate’s inspection capabilities. Administrators don’t seem to have time to configure and manage Inspection rules as granular way as for managing the FW access rules.

In StoneGate 5.2 we have now answered your needs. There is a brand new way of configuring inspection rules with the help of a new Inspection Rules panel. Read more how to configure the Inspection rules with SMC 5.2.

Continue reading »

written by teroja - 450 views \\ tags: False positives, firewall, Inspection, Inspection configuration, Inspection rules, IPS, Situations, SMC

Link aggregation or “network interface bonding” in linux terms, means a standard way to aggregate multiple physical network interfaces as a one. StoneGate firewalls will have a support for aggregated interfaces starting from version 5.2.

Continue reading »

written by teroja - 392 views \\ tags: firewall, High Availability, Interface configuration, Link aggregation, load balancing, SMC

IPv6 support for StoneGate IPS was introduced already a couple of years ago in StoneGate 4.3. IPv6 support has now been extended to cover also Firewalls. You can now use IPv6 addresses in FW interface configuration, configure IPv6 Routing and define the IPv6 Access Policy with the help of IPv6 hosts and, networks and address ranges.

There are still some remaining tasks related to IPv6 support. Those include support for IPv6 clustering, IPv6 protocol agents and IPv6 NAT policies. These remaining enhancements are already in StoneGate roadmap and currently scheduled to version 5.3 (Q1/2011).

written by teroja - 583 views \\ tags: firewall, IPv6, SMC

Have you ever been in the situation where you needed Stonesoft Support to help you troubleshoot a problem you are having only to be told to send them an sginfo and they will investigate?  Ever wonder why?

Continue reading »

written by SideKick - 559 views \\ tags: firewall, IPS, SMC, SSL VPN

Dear StoneBlog community,

from now on, we will reward select StoneBlog authors with a “I FW 127.0.0.1“  or “I eat hackers for breakfast” T-shirt, and maybe with an occasional mousepad.  The criteria for these rewards if totally subjective – basically, whenever we read something nice, beautiful, funny, witty, something that makes us smile and/or makes our day, the T-shirt (or something else) is on its way. “Us” refers primarily to Stonesoft marketing department, but can, and hopefully will, be extended to include just about anyone.

So, whenever you think a StoneBlog post earns a T-shirt (or something else), please drop a line with a link to heli.harri(AT)stonesoft.com  and tell us why. Happy StoneBlogging!

—-
PS. The first T-shirt goes to Ray Maurer for his utterly sincere, positive and enthusiastic real-life, real-world customer experience with StoneGate. This not only made our day, it made our whole week . Thanks, Ray!

written by helih - 1,403 views \\ tags: 127.0.0.1, firewall, hackers, StoneBlog Community