In many environments Network Address Translation (NAT) seems to be very extensively used. That has resulted in hundreds or even thousands of NAT rules in Firewall Policies. To help manage all these NAT rules, we have now introduced two nice features that you may have already used on the Access Rules side.
Administrators can now limit the number of connections to a service per source and/or destination IP. This limit is configured in FW Access Rules. Just select Permit as action, open the Action Options dialog and use these new settings there:
The limits are valid per Source or Destination address. So if there are multiple Source or Destination addresses used in the policy, the limit applies to all of them separately. As you can see from the snapshot above, you can limit the connections by source and destination simultaneously.
In StoneGate Management Center 5.2 the VPN troubleshooting tools have improved significantly. There are a lot of new drill-in actions available in System Status view. You can for example right-click any VPN tunnel in the VPN diagrams and drill-in to logs that flow through the selected tunnel. You can also right-click individual Gateways or Endpoints (from the Info panel) and drill-in to the related logs.
StoneGate Firewall 5.2 now supports multicast routing through IGMP proxy. This new configuration option enables the most useful method to support “dynamic” multicast routing (defined in RFC 4605). Multicast Routing is now configured from the dialog that can be launched from the Interfaces tab in Firewall properties. Please note that IGMP proxy and Static Multicast Routing cannot be used simultaneously.
Connection and Blacklist monitoring have been refactored in StoneGate 5.2. While making these functions more reliable, improving the communication protocol between the SMC and engines, and increasing the connection table update interval, we have also introduced a couple of nice features for these two views. Read more information below about how Connection and Blacklist Monitoring have been improved.
During the last two years we have received feedback from Gartner as well as some customers that StoneGate IPS is surely efficient but it is a bit difficult to configure inspection rules for the device. The other feedback we have noticed in customer interviews is that administrators are not aware of all StoneGate’s inspection capabilities. Administrators don’t seem to have time to configure and manage Inspection rules in as granular a way as they manage the FW access rules.
In StoneGate 5.2 we have now answered your needs. There is a brand new way of configuring inspection rules with the help of a new Inspection Rules panel. Read more about how to configure the Inspection rules with SMC 5.2.
Link aggregation, or “network interface bonding” in Linux terms, is a standard way to aggregate multiple physical network interfaces into one. StoneGate firewalls will support aggregated interfaces starting from version 5.2.
There are still some remaining tasks related to IPv6 support. Those include support for IPv6 clustering, IPv6 protocol agents and IPv6 NAT policies. These remaining enhancements are already on the StoneGate roadmap and currently scheduled for version 5.3 (Q1/2011).
Why does Stonesoft support ask for sginfo files?
Have you ever been in the situation where you needed Stonesoft Support to help you troubleshoot a problem you are having only to be told to send them an sginfo and they will investigate? Ever wonder why?
Dear StoneBlog community,
From now on, we will reward select StoneBlog authors with an “I FW 127.0.0.1” or “I eat hackers for breakfast” T-shirt, and maybe with an occasional mousepad. The criteria for these rewards are totally subjective – basically, whenever we read something nice, beautiful, funny, witty, something that makes us smile and/or makes our day, the T-shirt (or something else) is on its way. “Us” refers primarily to Stonesoft marketing department, but can, and hopefully will, be extended to include just about anyone.
So, whenever you think a StoneBlog post earns a T-shirt (or something else), please drop a line with a link to heli.harri(AT)stonesoft.com and tell us why. Happy StoneBlogging!
—-
PS. The first T-shirt goes to Ray Maurer for his utterly sincere, positive and enthusiastic real-life, real-world customer experience with StoneGate. This not only made our day, it made our whole week. Thanks, Ray!