Jan 14

StoneGate 5.1: Web filtering

Feature Previews, Firewall Engine, IPS, SMC -

Web Filtering

With StoneGate’s Web filtering feature you can configure which types of Internet resources users can access with their web browsers. StoneGate contains about 80 URL categories that you can use to inspect the traffic. The URL categories are dynamically updated from an external cloud service provided by a company called BrightCloud.


written by teroja - 816 views

Dec 08

How to Whitelist URLs using fingerprinting

IPS, Tech dives -

This quick note allows you to:

  • Define fingerprint situations that match ALL URLs except the listed ones.
  • Add new inspection rules that define which group of IP addresses is allowed to access the defined URLs. All other combinations are terminated.

Note! Variable names must be unique across all fingerprints that are matched in the same context!

E.g. 'whitelisted_url_1', 'whitelisted_url_2'

  1. Create one situation, called whitelist1, structured as follows:
    Context: HTTP Client Stream
    RegExp:
    (?x)
    .*Host:(?>[^\n]*yle.fi(?{whitelisted_url_1=1,ignore}))|
    .*Host:(?>[^\n]*mtv3.fi(?{whitelisted_url_1=1,ignore}))|
    .*Host:(?>[^\n]*hs.fi(?{whitelisted_url_1=1,ignore}))|
    .*Host:(?>[^\n]*cnn.com(?{whitelisted_url_1=1,ignore}))|
    .*Host:(?>[^\n]*bbc.com(?{whitelisted_url_1=1,ignore}))|
    .*\n\n(?{whitelisted_url_1==0})|
    .*\r\n\r\n(?{whitelisted_url_1==0})
  2. Create another situation, called whitelist2, structured as follows:
    Context: HTTP Client Stream
    RegExp:
    (?x)
    .*Host:(?>[^\n]*sampo.fi(?{whitelisted_url_2=1,ignore}))|
    .*Host:(?>[^\n]*op.fi(?{whitelisted_url_2=1,ignore}))|
    .*Host:(?>[^\n]*norndea.fi(?{whitelisted_url_2=1,ignore}))|
    .*Host:(?>[^\n]*stonesoft.com(?{whitelisted_url_2=1,ignore}))|
    .*\n\n(?{whitelisted_url_2==0})|
    .*\r\n\r\n(?{whitelisted_url_2==0})
  3. Create two groups of machines, called Group1 and Group2.
  4. Create an Access rule (and if needed a NAT rule for FW) to allow HTTP with deep inspection ON for both groups Group1 and Group2.
  5. Create two separate inspection rules as follows:
    Situation     Source     Dest     Protocol     Action
    whitelist1    Group1       ANY     ANY           Terminate
    whitelist2    Group2       ANY     ANY           Terminate
  6. Install policy
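
A quick offline check of what the Host patterns above accept, as an added example that is not part of the original post: it approximates the whitelist1 alternatives with Python's `re` module (not the StoneGate fingerprint engine) and compares them with a stricter form. The strict pattern, the function names and the sample Host values are assumptions constructed for illustration.

```python
import re

# Domain list copied from the page's whitelist1 situation.
WHITELIST1 = ["yle.fi", "mtv3.fi", "hs.fi", "cnn.com", "bbc.com"]

def page_style(domains):
    # Mirrors the page's alternatives: Host:[^\n]*<domain>, dots left unescaped.
    return re.compile("|".join(r"Host:[^\n]*" + d for d in domains))

def strict_style(domains):
    # Assumed tightening (not from the page): escaped dots, match on a label
    # boundary, and the domain must end the Host value (optional port).
    alts = "|".join(re.escape(d) for d in domains)
    return re.compile(
        r"^Host:[ \t]*(?:[a-z0-9-]+\.)*(?:" + alts + r")(?::\d+)?[ \t]*\r?$",
        re.I | re.M)

def terminated(request, pattern):
    # True when the header block ends with no whitelisted Host seen, the case
    # in which the situation matches and the inspection rule terminates.
    end = re.search(r"\r?\n\r?\n", request)
    head = request[:end.start()] if end else request
    return pattern.search(head) is None

def audit(hosts, domains=WHITELIST1):
    # Hosts the page-style pattern lets through but the strict one would stop.
    loose, strict = page_style(domains), strict_style(domains)
    out = []
    for h in hosts:
        req = "GET / HTTP/1.1\r\nHost: " + h + "\r\nAccept: */*\r\n\r\n"
        if not terminated(req, loose) and terminated(req, strict):
            out.append(h)
    return out

# Constructed Host values (example.net is a reserved documentation domain).
SAMPLE_HOSTS = ["www.yle.fi", "cnn.com:80", "example.org",
                "yle.fi.example.net", "mystylexfi.example.net"]

if __name__ == "__main__":
    for host in audit(SAMPLE_HOSTS):
        print("accepted only by the page-style pattern:", host)
```

Running the same comparison against your own domain list before installing the policy shows whether the fingerprint needs escaped dots or an end-of-value anchor.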

written by RoarinPenguin - 1,219 views