StoneBlog.stonesoft.com

One of the features I use often, and especially in cases when there is some sort of trouble, is the ability to actually see what traffic passes the firewall.

Most admins don’t feel comfortable using the console (over ssh), and ofcourse it is not as trivial as it seems – especially remembering the exact commands. So, for the community, and for my own personal use, I’ll document a small issue I just had, and how I “solved” it.

A customer called, saying: “I use the StoneGate VPN to connect to my server with RDP, and all I get is a black screen”.  Now, that’s something that’s (unfortunately) not too uncommon. Google for “MTU”, “Path MTU Discovery” and “Black Hole Detection”, and you’ll get tons of info, which all come down to:

Single packets in ethernet networks have a maximum size of 1500 bytes (RFC 879). 1460 bytes of data + 40 bytes header (ip-addresses, ports, settings etc.). All tunneling protocols (VPN, PPTP,PPPoE, etc.) add some bytes to the header part. This means less room for the data part.

Both “client” and “server”  agree to send packets with max. 1460 bytes of data. The first few packets of the connection aren’t large, perhaps 1000 bytes max, and fit through perfectly. Client and server agree to communicate, draw a frame of the correct size, etc. Then however, comes the Windows Logo, a picture that is over 3000 bytes of size.  That means,  2  large packets are sent.  Somewhere on the connection from server to client, these packets do not fit. So, the picture the server sent, does not reach the client. A black screen of the wanted size just sits there, and waits… and waits…. and waits…..

Since I do not want to discuss what causes this,  but just want to know if it IS an MTU issue, I do following:

• check if both sides agree to use 1460 bytes of data
• reduce the packet size on either client or server side to 1310 bytes of data
• test whether RDP works again

Continue reading »

written by jebATpop-i - 1,584 views \\ tags: CLI, Examples, stonegate firewall, Tips & Tricks

As you know there are multiple ways how to visualize the log data with StoneGate Management Client. You have probably noticed the “Statistics” shortcuts in the Log Browser’s toolbar already. Here is another convenient way to find more log statistics shortcuts:

Just right-click any column header in the Log Browser and select some of the log statistics shortcuts from the menu that opens. Note that these shortcuts are all related to the column you originally selected.

A picture is worth a thousand words! Log Statistics provide you efficient tools to drill in to the relevant pieces of log data.

written by teroja - 483 views \\ tags: Log Statistics, logs, Shortcuts, SMC, Tips & Tricks

In SMC 5.0 there is one new shortcut that speeds up the daily administration tasks a bit. You can namely create new hosts wherever you see IP addresses. Just right-click that IP address and select “New Host” action from the menu that opens. This is a nice shortcut when you recognize some IP from the logs and you know you need to use a host element with that IP later e.g. in a security policy.

Continue reading »

written by teroja - 435 views \\ tags: logs, New Host, Shortcuts, SMC, Tips & Tricks

You have probably noticed that there are lots of useful shortcut actions in engines’ right-click menu. You can e.g. view logs from that firewall or access the engine’s current policy by right-clicking the engine and selecting the actions from the menu that opens.

Since SMC 4.3 this right-click menu has also contained actions that open Overview of engine specific statistics. But did you know that you can customize which Overview templates are visible there?

Read for more instructions how do you do this… Continue reading »

written by teroja - 473 views \\ tags: Monitoring, Overview, SMC, Tips & Tricks

Fresh from relaxing holidays, I’m sharing with you all this interesting case I came across this morning.

The request from a colleague was to configure our SSL VPN system to combine more than one authentication method (for instance, StoneGate Web pad + StoneGate SMS Authentication) to give access to the Application Portal.

This is to strengthen furthermore the security level a user can implement with StoneGate SSL VPN solution.

Here’s how to configure the system.

Continue reading »

written by RoarinPenguin - 821 views \\ tags: double authentication, howto, SSL VPN, Tips & Tricks

Reference Search helps you to easily see where the elements are used. You can access the reference search by right-clicking the element and selecting “Tools – References” from the menu that opens. (Alternatively you can just select an element and press Ctrl+G).

In the snapshot above, the user was interested to know where the “test host” element is used.  The reference search results list shows that the element is used by two rules in the “Test Policy”. From the “Rule Info” tab in the Info panel, the user can instantly preview the rule. There he can quickly see for example that the selected rule seems to be a NAT rule while the first one was an Access rule.

If the user right-clicks the rule in the search results list, he can also open the policy for editing. When this action is selected, the policy editor is opened and the rule that was selected is highlighted.

written by teroja - 487 views \\ tags: SMC, Tips & Tricks

This was the last SMC video article by far. Note that all videos are stored in Videos section of StoneBlog Community.

written by teroja - 535 views \\ tags: 5.0, Examples, SMC, Tips & Tricks, Training, Videos

Remember that you can share your logging profiles in Files section of StoneBlog Community.

written by teroja - 567 views \\ tags: 5.0, Examples, SMC, Tips & Tricks, Training, Videos

See the video below to see how you can monitor your third party devices with StoneGate Management Center.

written by teroja - 497 views \\ tags: 5.0, Examples, SMC, Tips & Tricks, Training, Videos

written by teroja - 485 views \\ tags: 5.0, Examples, SMC, Tips & Tricks, Training, Videos