FEC Onlineservices
 
White List Filter function when the Stateful Inspection Firewall (SIF) is activated
This FAQ describes how to configure a web domain (URL) filter with the help of the White List Filter when the SIF is activated. In this example the configuration is done on a VPN Access 25 (boot image 7.4.1 patch 2) with a 30 day demo ticket of Cobion.

1) Settings Cobion Orange Filter:
The configuration is done in the Setup Tool menu Security, Cobion Orange Filter. Set the Admin Status of the Cobion Orange Filter (COF) to enable (30 day demo ticket) and choose the interface to be filtered.

VPN 25     Setup Tool                   Funkwerk Enterprise Communications GmbH
[SECURITY][ORANGE FILTER]: Static Settings                                VPN25
_______________________________________________________________________________

          Admin Status        : enable 30 day demo ticket       
          Orange Filter Ticket: B1BT

          Ticket Status       :

          Filtered Interface  : en0-2
          History Entries     : 64

          Configure White List >
          Configure Filters >
          View History >


                    SAVE                               CANCEL
_______________________________________________________________________________

Under Configure Filters, the Default behaviour has to be set to block, so that all internet traffic is blocked initially.

VPN 25     Setup Tool                   Funkwerk Enterprise Communications GmbH
[SECURITY][ORANGE FILTER][FILTER]: Filter List                            VPN25
_______________________________________________________________________________

   Content Filter List:

  Category                       Day              Start  Stop   Action   Prio
  Default behaviour              Everyday         00:00  23:59  block    961


 

 

     ADD                 DELETE              EXIT
_______________________________________________________________________________

The web sites to be allowed have to be entered under Configure White List.

VPN 25     Setup Tool                   Funkwerk Enterprise Communications GmbH
[SECURITY][ORANGE FILTER][WHITE LIST]: Url List                           VPN25
_______________________________________________________________________________

   White List:

    Url / Address
    www.funkwerk-ec.com
   

 

 

 

     ADD                 DELETE              EXIT
_______________________________________________________________________________
2) Settings Stateful Inspection Firewall (SIF)
In this scenario the SIF is activated, but the packets sent by the router itself are not filtered (Local Filter: disable).

VPN 25     Setup Tool                   Funkwerk Enterprise Communications GmbH
[SECURITY][STATEFUL INSPECTION]: Static settings                          VPN25
_______________________________________________________________________________

   Stateful Inspection Firewall global settings:

          Adminstatus    :  enable
          Local Filter   :  disable
          Full Filtering :  disable
          Logging level  :  all


          Edit Filters >
          Edit Services >
          Edit Addresses >

          Advanced settings >


                    SAVE                               CANCEL
_______________________________________________________________________________

When the COF is activated, all internet requests are checked directly by the router itself (LOCAL). For that reason the following rule has to be added to the SIF filters.

VPN 25     Setup Tool                   Funkwerk Enterprise Communications GmbH
[SECURITY][STATEFUL INSPECTION][FILTERS]: Configuration                   VPN25
_______________________________________________________________________________
   Stateful Inspection Filter List:

         Press 'u' to move Filter up or press 'd' to move Filter down.

  Pos. Source               Destination          Service              Action
     1 LAN_EN0-2            LOCAL                internet             accept
    

 

 


     ADD                 DELETE              SAVE                CANCEL
_______________________________________________________________________________

If the Local Filter is activated, an additional rule is necessary which allows the router's own internet traffic to the internet WAN partner (T-Online).

Pos. Source               Destination          Service              Action
   2 LOCAL                T-Online             internet             accept
3) Test
Access to web site www.funkwerk-ec.com:

vpn25:> debug all&
02:17:29 DEBUG/INET: new session, 10.10.10.4:1071->62.146.2.103:80 prot: 6 parent: false
02:17:29 DEBUG/INET: SIF: Accept LAN_EN0-2[200:10.10.10.4:1071] -> LOCAL[1:62.146.2.103:80] internet:6
02:17:29 DEBUG/INET: new session, 84.149.253.195:1032->62.146.2.103:80 prot: 6 parent: false


Access to web site www.aldi.de, which is not listed within the White List:

vpn25:> debug all&
14:28:19 DEBUG/INET: new session, 10.10.10.4:1070->84.17.188.10:80 prot: 6 parent: false
14:28:19 DEBUG/INET: SIF: Accept LAN_EN0-2[200:10.10.10.4:1070] -> LOCAL[1:84.17.188.10:80] internet:6
14:28:19 DEBUG/INET: COF: block URL http:www.aldi.de/
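
One way to check captures like the two above automatically, as an added example that is not part of the original FAQ: it pairs each SIF accept towards LOCAL with the COF outcome that follows it. The regular expressions are inferred from the sample lines on this page only, and the function name audit, the verdict labels and the reading of the second session as the router's own connection are assumptions made for illustration.

```python
import re

# Constructed input: the two debug captures from section 3 of this FAQ, joined.
SAMPLE = """\
02:17:29 DEBUG/INET: new session, 10.10.10.4:1071->62.146.2.103:80 prot: 6 parent: false
02:17:29 DEBUG/INET: SIF: Accept LAN_EN0-2[200:10.10.10.4:1071] -> LOCAL[1:62.146.2.103:80] internet:6
02:17:29 DEBUG/INET: new session, 84.149.253.195:1032->62.146.2.103:80 prot: 6 parent: false
14:28:19 DEBUG/INET: new session, 10.10.10.4:1070->84.17.188.10:80 prot: 6 parent: false
14:28:19 DEBUG/INET: SIF: Accept LAN_EN0-2[200:10.10.10.4:1070] -> LOCAL[1:84.17.188.10:80] internet:6
14:28:19 DEBUG/INET: COF: block URL http:www.aldi.de/
"""

# Patterns inferred from the sample lines only (assumption, not vendor documentation).
SESSION = re.compile(r"new session, ([\d.]+):\d+->([\d.]+):(\d+) prot: \d+")
SIF = re.compile(r"SIF: (\w+) ([^\[\s]+)\[\d+:([\d.]+):\d+\] -> ([^\[\s]+)\[\d+:([\d.]+):(\d+)\]")
COF = re.compile(r"COF: block URL (\S+)")

def audit(text, lan_alias="LAN_EN0-2"):
    """Return one verdict per LAN request that the SIF accepted towards LOCAL."""
    requests = []
    for line in text.splitlines():
        if m := SIF.search(line):
            action, src_alias, client, dst_alias, dst_ip, dst_port = m.groups()
            if (action, src_alias, dst_alias) == ("Accept", lan_alias, "LOCAL"):
                requests.append({"time": line.split(" ", 1)[0], "client": client,
                                 "dest": f"{dst_ip}:{dst_port}",
                                 "verdict": "pending", "url": None})
        elif m := COF.search(line):
            # A COF block line settles the most recent undecided request.
            for req in reversed(requests):
                if req["verdict"] == "pending":
                    req.update(verdict="blocked", url=m.group(1))
                    break
        elif m := SESSION.search(line):
            src_ip, dst_ip, dst_port = m.groups()
            # Assumption: a later session to the same destination from another
            # source address is the router's own upstream connection.
            for req in requests:
                if (req["verdict"] == "pending" and req["client"] != src_ip
                        and req["dest"] == f"{dst_ip}:{dst_port}"):
                    req["verdict"] = "forwarded"
                    break
    return requests

if __name__ == "__main__":
    for req in audit(SAMPLE):
        print(req["time"], req["client"], "->", req["dest"], req["verdict"], req["url"] or "")
```

A request that stays "pending" was accepted by the SIF but shows neither a COF block nor an upstream session in the capture, which is worth a closer look when testing a new white list entry.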

 


2013 bintec elmeg GmbH