Feb 02

Did you accidentally drag & drop an element to the wrong rule? Or did you accidentally move a rule to the wrong location? Don’t panic – in StoneGate Management Center 5.0 you can now undo/redo these kinds of accidents in the policy editor as well. The solution we will provide supports an unlimited number of undo/redo steps until the last policy save.
written by Tero Jantunen - 1,642 views
\\ tags: 5.0, Features, Policy, SMC, stonegate
Jan 30
The refuse action behaves differently depending on the protocol in the rule:
- For TCP packets (with any combination of flags), a TCP Reset packet is sent with proper port and sequence number settings.
- For UDP packets, an ICMP Port Unreachable (Type 3, Code 3) is sent with the first eight bytes copied from the original IP packet (exactly as they appear) in the payload.
- For ICMP packets, no responses are sent at all. This is treated as if a ‘discard’ action were used.
- For any other type of IP packets, an ICMP Protocol Unreachable (Type 3, Code 2) is sent with the first eight bytes copied from the original IP packet (exactly as they appear) in the payload.
written by christoph - 1,225 views
\\ tags: action, engine, Policy, refuse, stonegate firewall
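The per-protocol behaviour listed in the post above can be turned into an expectation check for firewall rule testing. The following is an added example, not code from the post or from StoneGate: the function names and sample packets are constructed here, and the reset's sequence and acknowledgement numbers follow the RFC 793 reset rules, which is an assumption about what the post calls "proper" settings.

```python
import struct

ICMP, TCP, UDP = 1, 6, 17
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def expected_refuse_response(pkt: bytes):
    """Hypothetical helper: the reply the post describes for a refused IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    if proto == ICMP:
        return None                                      # no response, like discard
    if proto == UDP:
        return {"kind": "icmp", "type": 3, "code": 3}    # Port Unreachable
    if proto != TCP:
        return {"kind": "icmp", "type": 3, "code": 2}    # Protocol Unreachable
    tcp = pkt[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = off_flags & 0x3F
    data_len = len(tcp) - (off_flags >> 12) * 4
    # Ports are swapped; the post says a reset is sent for any flag combination.
    rst = {"kind": "tcp-rst", "sport": dport, "dport": sport}
    if flags & ACK:
        # Assumption (RFC 793): the reset takes its sequence number from the ACK field.
        rst.update(seq=ack, ack=0, flags=RST)
    else:
        # Assumption (RFC 793): seq 0, acknowledging the segment (SYN/FIN count as 1).
        seg_len = data_len + bool(flags & SYN) + bool(flags & FIN)
        rst.update(seq=0, ack=(seq + seg_len) % 2**32, flags=RST | ACK)
    return rst

def sample_ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed test packet: checksum 0, documentation-range addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def sample_tcp(flags: int, seq: int, ack: int, data: bytes = b"") -> bytes:
    """Constructed TCP segment from port 40000 to port 22, wrapped in sample_ipv4."""
    hdr = struct.pack("!HHIIHHHH", 40000, 22, seq, ack, (5 << 12) | flags, 1024, 0, 0)
    return sample_ipv4(TCP, hdr + data)

if __name__ == "__main__":
    print(expected_refuse_response(sample_tcp(SYN, 1000, 0)))
```

Comparing the returned dictionary with the reply captured on the wire shows whether a rule is actually refusing traffic or silently discarding it.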
Jan 29
Do you have the problem that your security policies already have hundreds or even thousands of rules and you no longer have a clear view of which rules are important and which are not? Or you may even suspect that some rules are not needed anymore but you don’t want to take the risk of removing them?

Don’t worry… StoneGate 5.0 introduces the new rule usage analysis tool. You will see directly in the policy editor how many times each rule has matched within the specified time period. Using the rule counter tool does not even require you to turn logging on for the rules. Engines send the rule hit counts automatically to SMC to be displayed in the Management Client. Note however that both your engines and SMC need to be version 5.0 or higher.
Rule hit counts, the Policy validation tool and the Policy comparison tool provide you with an efficient set of tools to make your policies easier to understand. Now there is no excuse to postpone the policy clean-up project!
Benefits:
- You can easily find the rules that never match
- You can optimize the order of your rules
written by Tero Jantunen - 2,280 views
\\ tags: 5.0, Features, Policy, SMC, stonegate
Dec 11
Often it could be useful or necessary to share the StoneGate policies with colleagues for consultation, validation or technical archives without giving access to SMC.
First, try a simple copy and paste from your policy in the GUI to a chart in Excel or other, it’s magic.
Second, on the SMC CD-ROM you have a folder named “Tools” where you can find the Policy converter tool:
“The Policy converter tool converts XML-based Security Policy exports taken from
StoneGate Management Center into an HTML document.
The tool is compatible with policy exports taken from SMC version 4.0
Requirements:
- Linux Operating system
- Java Runtime v1.5 or later
Usage:
1. Extract the content of the zip package to a Linux workstation.
2. Make a Policy export (from the command line or from the Management Client).
Include referenced elements in the export.
3. Place the export zip package in the snapshotHTMLrenderer directory.
4. Execute script.sh and give the export filename as a parameter. For example
“./script.sh export_file.zip”. The script creates file
result_DATEOFEXECUTION.html in the same directory.
5. View the HTML document with a web browser.”
So wonderful to have a clear document in HTML to share this information.
written by Hokkyokuguma - 2,184 views
\\ tags: converter, export, Policy, share, SMC