Solved

Firewall URL whitelisting

Posted on 2014-02-12
Last Modified: 2014-02-24
Hello All,

I have a Sonicwall Firewall. My Firewall is configured to prompt for authentication in order to be able to browse to the internet.

I had configured a couple of http URLs in my firewall to bypass authentication. When I try to browse to those URLs, the web page displays, but it displays only hyperlinks without any images so it looks kind of gibberish. Most probably this could be due to my Firewall still blocking out things.

I have checked the source code of the website and there are quite a couple of other URLs embedded in it, which might explain the behavior since my firewall could be blocking them. I assume I can start including all of these URLs on my bypass list, but it will be too much work.

Can you think of anything to get around this and be able to display the entire website?
0
Question by:LuiLui77
12 Comments
 
LVL 8

Expert Comment

by:Mandeep Khalsa
ID: 39853922
The only other thing I can think of is using their built in Content Management System but it is a paid upgrade.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39853929
Hi LuiLui77,

This is most likely due to them using other content providers, hence different URLs. Check the source code of the sites, locate the other URLs and then add them as well. That should do it.

Conversely, you can look up the URLs and see which categories they are and unblock the Categories that way as well.

Let me know if you have any other questions!
0
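One way to do the source-code check suggested in this answer, as an added example that is not part of the original post: parse a saved copy of the page and list the other hosts its images, stylesheets and scripts are loaded from. The sample HTML and every host name in it are constructed placeholders.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs a browser typically fetches while rendering. Anchors
# are left out: a link the user may click is not needed to display the page.
FETCH_ATTRS = {("img", "src"), ("script", "src"), ("link", "href"),
               ("iframe", "src"), ("source", "src")}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)")

class SubresourceHosts(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.hosts, self._in_style = page_url, Counter(), False

    def _add(self, ref):
        # urljoin resolves relative and protocol-relative (//host/x) references
        host = urlsplit(urljoin(self.page_url, ref)).hostname
        if host:  # data: URIs have no host
            self.hosts[host.lower()] += 1

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            if value and (tag, name) in FETCH_ATTRS:
                self._add(value)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # url(...) references inside a <style> block
            for ref in CSS_URL.findall(data):
                self._add(ref)

def third_party_hosts(page_url, html):
    """Return {host: reference count} for hosts other than the page's own."""
    parser = SubresourceHosts(page_url)
    parser.feed(html)
    own = urlsplit(page_url).hostname
    return {h: n for h, n in sorted(parser.hosts.items()) if h != own}

# Constructed sample page; every host is a placeholder under .test
SAMPLE = """<html><head><link rel="stylesheet" href="//static.cdn.test/site.css">
<style>body { background: url("http://img.cdn.test/bg.png"); }</style>
<script src="http://ads.adnet.test/tag.js"></script></head><body>
<img src="/logo.png"><img src="http://img.cdn.test/hero.jpg">
<a href="http://social.test/share">share</a></body></html>"""
```

Resources that scripts request at run time do not appear in the static HTML, so the list is a lower bound; ad and tracker hosts in it need not be allowed for the page to render.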
 
LVL 25

Assisted Solution

by:Fred Marshall
Fred Marshall earned 250 total points
ID: 39854871
The Yahoo web site has over 1,500 URLs embedded.  And, I venture to say, they change daily.  So the quest is hopeless I would guess.  MSN too .... So they aren't the only ones.

I use whitelists for much simpler web pages when their use will simplify web filtering.  But whitelists as an overall approach are difficult to get to reach suitability and more difficult to maintain.  Blacklists are much better in relation to that.
0
 

Author Comment

by:LuiLui77
ID: 39856082
I have the workaround!

Firewall rules by IP. With NSLOOKUP I got the IP of the domains, then I configured a firewall rule to allow HTTP traffic only. It has worked so far.

Please tell me your thoughts!
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39856775
A lot depends on your objectives.  A whitelist approach is clearly the most restrictive.  Then, if you add all the IP addresses of all the URLs that are linked, two things will happen that you might want to ponder:

1) you will be in control of the list but will you really understand the advisability of each and every URL/IP that you add? Is that really being as restrictive as you'd want?  Surely there will be links to Facebook, etc.

2) what will you do when the sites change links?

Have you considered the Sonicwall Content Filtering Service (CFS) as a better way to deal with the requirements?  I use a different service but I'd imagine they amount to the same thing.  In some sense it's more permissive than a white list - more like a selective, programmable black list.  And it can work with site reputations as well.  In our case the filters apply to individual IP addresses or ranges on the LAN - so there is one for "managers" and one for "non-managers" with the latter being more restrictive.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39856822
I may have overlooked the fact that you didn't mention Content Filtering Service (CFS) from SonicWALL. Yes, I agree with fmarshall, you should buy CFS. I'd further recommend Comprehensive Gateway Security Suite (CGSS); it's a bundle of Gateway security services, which includes CFS plus 24/7 support. It's a must for any SonicWALL appliance.
0

Author Comment

by:LuiLui77
ID: 39859157
I have realized that we have CFS on our firewall device. I have included a couple of these domains in the Trusted domain list, but it is still giving me the same restrictions, which is logical since there is a big quantity of other domains embedded. Is there any way to bypass that as well using CFS?
0
 
LVL 8

Expert Comment

by:Mandeep Khalsa
ID: 39859193
Sonicwall CFS works best on categories. You can enable or disable the categories you want people to access and based on that you will see the results. The only category that I don't like personally is "Web Communications" because it complicates things more than it solves them. If you were to disable the category "advertisement" and you go to a page that is allowed (for example yahoo.com) the system will block all advertisements for you. It's not a foolproof process but it blocks a good 95% + of the sites that fall under respective categories.
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 39859516
"I have included a couple of these domains in the Trusted domain list, but it is still giving me the same restrictions, which is logical since there is a big quantity of other domains embedded. Is there any way to bypass that as well using CFS?"
Here is what I would do:
First, get away from the idea of whitelisted pages that are complex.
Perhaps think of a whitelist as an "accelerator" for often-used, simple pages.
Second, rely completely on the CFS and learn how to use it in your situation.
While a different product, ours either Blocks or Allows each and every Category for each user group.  Start with their default Block and Allow values and go from there.
Third, you won't get complaints for sites that are *not* blocked!  But, you will get complaints/unblock requests for sites that are blocked yet needed.  Depending on the organization and the people, requests may vary from OK to not-so-OK.
(Suggestion: ask them for a screen shot of the blocking message if there is one - likely there is.  This way you will know the Category.  Without that, it's just harder to deal with on your own.)
In our case, I handle this two ways:
- if the entire Category is OK for everyone then I unblock/Allow it.
- if the need is focused on one or a few employees then I create a new group and Allow that Category for them only ... or add the site to their particular Whitelist.
The first is quick and easy.  A broad brush approach.
The second is a bit more work and implies ongoing maintenance because if you decide to change the general list you also need to change the specialized lists.  Not a big deal but must be remembered.

I have no problem with filtering out part of Yahoo for the general users.
I'm not sure what you mean by "a couple of these domains" and "it's still giving me the same restrictions".  What domains?  What "it" is giving restrictions?  Is it the CFS?
0
 

Assisted Solution

by:LuiLui77
LuiLui77 earned 0 total points
ID: 39860838
I meant restrictions as in the images of the web pages not being able to display. The pages are just displaying hyperlinks and text.

Oh man you can get so creative with a Firewall, it is so granular and has so many options.

I found a very helpful option, which would lead me to my best approach on resolving my situation, for now.

In the URL Whitelist section I've spotted an option which is called "Autoconfigure" that will help you see all URLs being blocked when trying to browse into a webpage. When clicking on this option you will have to specify the IP of a computer that will be used to browse into the website needed. Then it will ask you to browse into the webpage or service desired from the computer with the IP specified. As you browse into that webpage, this tool analyzes all URLs that are being blocked and will let you choose which ones of these URLs you want to whitelist.

One of the pages that I was trying to whitelist had a lot of urls that pertained to the same domain, which I selected. Then I tried to browse into the webpage and I was able to see all the page and its graphics.

One thing that I noticed was that even though I added to the whitelist a wildcard entry, the firewall was not whitelisting everything pertaining to the domain. For example, I added *.domain.com and the following were still being blocked: domain.com/images/hbiwviyvfvwi

I attempted to whitelist *.domain.com/* but still. I don't see the cause of this behavior.

Does someone have an idea?
0
 
LVL 24

Accepted Solution

by:
diverseit earned 250 total points
ID: 39865234
Whitelisting and Blacklisting in SonicWALL devices are wildcarded by default, meaning you should just put in the domain such as domain.com not *.domain.com. By putting in domain.com it will take care of sub.domain.com, sub.sub.domain.com, domain.com/content, etc.

Your domain is not whitelisting most likely due to your recent discoveries listed above. Many sites will host their CSS file on another server and in this case if that domain of the CSS host is not whitelisted you will get a page loading without styles and in some cases images depending on how they are executing imagery (via CSS or not).
0
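The matching rule described in the accepted answer, next to the asker's two wildcard entries, as an added example that is not part of the original thread and is not SonicWALL's code. `implicit_match` models the bare-domain behaviour the answer states; `literal_glob_match` is an assumed contrast model in which `*` is an ordinary glob. The URLs are constructed around the thread's `domain.com` placeholder.

```python
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

def split_url(url):
    """Return (host, path) for a URL written with or without a scheme."""
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"

def implicit_match(entry, url):
    """Bare-domain entry as the accepted answer describes it: covers the
    domain itself, any subdomain, and any path. Matching stops at a label
    boundary, so 'domain.com' never covers 'notdomain.com'."""
    host, _ = split_url(url)
    entry = entry.lower().strip(".")
    return host == entry or host.endswith("." + entry)

def literal_glob_match(pattern, url):
    """Assumed contrast model: '*' is an ordinary glob. Patterns with a
    '/' are tested against host+path, others against the host only."""
    host, path = split_url(url)
    subject = host + path if "/" in pattern else host
    return fnmatchcase(subject, pattern.lower())

# Constructed URLs; domain.com is the placeholder used in the thread.
URLS = [
    "domain.com/images/hbiwviyvfvwi",
    "http://sub.domain.com/content",
    "http://sub.sub.domain.com/",
    "http://notdomain.com/",
    "http://domain.com.cdn.test/site.css",
]

def compare(urls=URLS):
    """Return {url: (bare 'domain.com', '*.domain.com', '*.domain.com/*')}."""
    return {u: (implicit_match("domain.com", u),
                literal_glob_match("*.domain.com", u),
                literal_glob_match("*.domain.com/*", u)) for u in urls}

if __name__ == "__main__":
    for url, row in compare().items():
        print(f"{url:40} {row}")
```

Under the glob reading, both wildcard entries require a dot in front of `domain.com`, so a URL on the bare domain is not covered, while the bare entry also admits every subdomain and is correspondingly broad.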
 

Author Closing Comment

by:LuiLui77
ID: 39880395
In the Sonicwall Firewall, in the URL Whitelist section I've spotted an option which is called "Autoconfigure" that will help you see all URLs being blocked when trying to browse into a webpage. When clicking on this option you will have to specify the IP of a computer that will be used to browse into the website needed. Then it will ask you to browse into the webpage or service desired from the computer with the IP specified. As you browse into that webpage, this tool analyzes all URLs that are being blocked and will let you choose which ones of these URLs you want to whitelist.
0
