09 Firewall Policy
8/4/2019 09 Firewall Policy
1/12
Virtual Firewall Policy, 1 2009 ForeScout Technologies
Firewall Policy
CounterACT 6.3.4.0
Customer Training
-
Agenda
What is Virtual Firewall Protection?
Central Management
Blocking Rules
Allow Rules
Configurations Affected
Export Rules
CounterACT Rule Priorities
Chapter 11, Managing your Virtual Firewall, 6.3.4.0 Console User Manual
-
What is Virtual Firewall Protection?
Menu Bar: Tools > Virtual Firewall
Close off network segments entirely to deal with new threats and vulnerabilities
Close off network segments to hosts/user groups
Designate business-critical services that should always remain open
Prevent unwanted protocols from moving within your network (prevent RPC traffic from being transmitted between various departments)
Virtual firewall protection lets you create network security zones to give you more control over network traffic
-
What is Virtual Firewall Protection? (cont'd)
Menu Bar: Tools > Virtual Firewall
CounterACT's virtual firewall gives you all the benefits of an inline firewall, without being located inline. This means there are no issues of latency.
-
Central Management
Virtual firewall rules are centrally managed from the Enterprise Manager
Rules cannot be managed from individual Appliances
Rules are applied across the enterprise
Disabled for individual Appliances
Tool Bar: > Virtual Firewall
-
Blocking Rules
Prevent outbound traffic at source IPs from reaching target hosts/services
-
View Blocked Events
View hosts blocked by blocking rule, useful for troubleshooting
Menu: Log > Blocking Log
-
Allow Rules
Allow outbound traffic at selected source IPs to reach target hosts/services
Access permitted at target IPs regardless of other CounterACT block settings
Use, for example, to keep mission-critical services open
Tool Bar: > Virtual Firewall
-
Configurations Affected by Virtual Firewall Policy
Rules defined directly from the Virtual Firewall box
Hosts detected via Policy Virtual Firewall action
Authentication services defined via Group feature
Virtual Firewall rule defined from the Control Center
Protected services defined via Vulnerability Scan
Defend as result of Network Portal access
-
Export Rules
Export Virtual Firewall rules to a .csv file for reporting purposes
Tool Bar: > Virtual Firewall > Export
-
CounterACT Rule Priorities
Rules created directly via the Virtual Firewall dialog box take precedence over Virtual Firewall rules created via Policy
CounterACT rule hierarchies, from highest to lowest
Virtual Firewall - Allow rule
IPS Policy - Malicious Blocked (host, port) and Virtual Firewall Block rule
Group Definition - Authentication Servers (allow access)
Policy - Virtual Firewall Block
-
Questions?