StoneBlog.stonesoft.com

In StoneGate 5.3, you can now predefine the policy to be installed on the firewall engine after it has contacted the Management Server for the first time. With this small enhancement the administrators can make sure that the devices start working in a planned way right from the beginning without the need of someone waiting at HQ to be ready to upload the correct security policy for the device once it is deployed.

Continue reading »

written by Tero Jantunen - 697 views \\ tags: 5.3, automatic policy push, Feature Previews, Initial configuration, Policy, SMC

There has been a lot of enhancements on Firewall access control side in version 5.3. As you have seen there are a lot of new element types you can use in policy access rules including Users and User Groups, Domain Names, Zones, Applications, URL Categories and TLS Matches. One thing that hasn’t been mentioned yet is that you can combine different type of Source, Destination and Service elements with AND -condition with the help of new policy cell editor. Just right-click any Source, Destination or Service cell in Access rules and you’ll see a small popup dialog. Once you put different type of elements on the same row, match is done only if all the elements on that row match the traffic.

Continue reading »

written by Tero Jantunen - 836 views \\ tags: 5.3, access rule, Feature Previews, network access control, Policy, rule, SMC

As you have noticed the flexibility of policy configuration has increased in StoneGate Management Center 5.3. One of the most efficient enhancements on that side, is the ability to use Zones in policies. Zone is a tag that you can assign to any physical or VLAN interface of a firewall. You can use the Zones in Source and Destination cells in Access Rules and NAT rules.

Continue reading »

written by Tero Jantunen - 834 views \\ tags: 5.3, access rule, Feature Previews, firewall, Interface, Interface configuration, Policy, SMC, Zone

There is a nice new shortcut in SMC 5.2 that lets you to convert old policy snapshot as new policy in the SMC. Just right-click any policy snapshot element and select Tools > Restore… The system then imports the snapshot as a new policy element to SMC. This is a nice backup feature if you face the need to revert back to previous policy version.

In SMC 5.2, you can also restore individual element’s old version to your current SMC. Just open some old policy snapshot, right-click the element and select “Restore” from the menu that opens.

Both these restore actions launch Import process in which you still have the possibility to review the changes and change the import action (Import/Do Not Import/Rename). See more details about Import Enhancements in SMC 5.2 in here.

written by Tero Jantunen - 1,044 views \\ tags: 5.2, Feature Previews, Policy, Policy Snapshot, Restore, revert policy, SMC

This picture visualizes lots of small enhancements made related to policy editing:

Continue reading »

written by Tero Jantunen - 675 views \\ tags: 5.2, Feature Previews, Policy, rule, rules, SMC

In many environments Network Address Translation (NAT) seems to be very extensively used. That has resulted in hundreds or even thousands of NAT rules in Firewall Policies. To help managing all these NAT rules, we have now introduce two nice features that you may have already used in Access Rules side.

Continue reading »

written by Tero Jantunen - 1,275 views \\ tags: 5.2, counters, Feature Previews, firewall, Links, NAT, NAT rule, Policy, rule, rule tags, Shortcuts, SMC

The limits are valid per Source or Destination address. So if there are multiple Source or Destination addresses used in the policy, the limit applies to all of them separately. As you can see from the snapshot above, you can limit the connections by source and destination simultaneously.

written by Tero Jantunen - 789 views \\ tags: 5.2, Connection limiting, Connections, Feature Previews, firewall, Limit, Policy, rules, SMC

StoneGate 5.0 allows you to create new policy rules based on the selected log records. With a couple of clicks you can change the action for the specific log records, create an alert when the record next time appears or just say that you don’t want to get log records out of that specific type of event anymore.

How it works then?

1. Launch one of the “Create rule…” actions in the log entry’s right-click menu or in the Log Details view
2. Preview of the auto-generated rule is displayed in the dialog. The system auto-generates the host elements if no hosts already exist with the src and dst addresses of the log entry. The system also figures out what policy is currently installed to the engine that sent the specific record and change the action and logging level according to your wishes.
3. As the last step you can optionally open the desired policy for editing and drag & drop or cut & paste the rule to the correct location. By default, the rule is added to the beginning of the policy.

The Create rule -shortcuts are really convenient way to solve network issues in real-time with just a couple of clicks. However, we recommend that you manually group and reorganize these “exception rules” every now and then.

written by Tero Jantunen - 1,836 views \\ tags: 5.0, Features, Policy, SMC, stonegate

According to our studies, editing policies is the most frequent task of StoneGate administrators. That’s why we have introduced many new tools to optimize the workflows and tools related to policy editing tasks. Rule comment sections is one of those features.

StoneGate 5.0 creates automatically expandable/collapsable rule comment sections. Now it is easy to organize the policy so that your colleagues understand it too.

written by Tero Jantunen - 1,453 views \\ tags: 5.0, Features, Policy, SMC, stonegate

Did you accidentally drag & drop an element to a wrong rule? Or did you move the rule accidentally to a wrong location? Don’t panic – in StoneGate Management Center 5.0 you can undo/redo these kind of accidents now also in the policy editor. The solution we will provide supports unlimited amount of undo/redo steps until the last policy save.

written by Tero Jantunen - 1,495 views \\ tags: 5.0, Features, Policy, SMC, stonegate