Hardware Firewalls


Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.


I know an ex-colleague has a way at command line (script or whatever) to automate
adding of IP to block malicious IP for Nokia Checkpoint : that's years ago.

My current network colleague says it's very tedious to add IP as he has to create
object, then go into another screen to add it to a group & we often get 100-700
IP from threat Intel (from a cyber regulator):  is there a way to automate to mass
block it for CheckPoint  Security Gateway 12600??     Isn't there a way to get to
SG12600's Unix command prompt & write a script to automate?


For sure Linux iptables, we can do it easily by Shell script.

Heard Palo Alto has an interface to add IP en masse but my network guy says
CheckPoint (& possibly Fortigate) don't.

Hey!
I have a GoDaddy Standard UCC/SAN SSL certificate:
mail.mydomain.com - Exchange certificate
gp.mydomain.com - Palo Alto GlobalProtect VPN certificate

My certificate expired on 26/12/19, so I renewed the cert and installed it on the Exchange server, all fine,
but how do I install the new certificate on my PA-820 GlobalProtect VPN without renewing or creating a new CSR?

Thanks!
I have been contacted by our Wells Fargo bank rep and they told us a URL has changed and we are to add it to our firewall rules for continued access. I have a SonicWall appliance, so the first question I have is where can I find the model number? The interface recently changed and I used to be able to find it quickly. Second question, how do I add this URL to the firewall so it does not get blocked?
I am a long time Sonicwall user/admin.

Does anyone else utilize bandwidth control on a Sonicwall with firmware 6.5 or greater?

I have been using it for years quite extensively but about 6 months ago I had to disable it completely due to a very odd issue. Sonicwall documentation on it only talks about how to create and such, not best practices or gotchas. I am not looking for howtos, I am looking for best practices and such for overall usage and performance.

Specifically, we are using an HA pair of NSA2600 with multiple WAN interfaces (for redundancy).
Our network team raised concern that with the number of IP addresses to block
(currently we create a group & add in IP addresses) coming from cyber regulator,
it may hog/slow down our CheckPoint 12600.

Q1:
What's the rule of thumb for max number of rules for 12600?  We estimated the
number of IP to block to reach 5000 per year.

Q2:
There's currently one rule, i.e. "Deny Threat_intel_list All for all ports/protocols".
So with only one rule, does adding IPs to "Threat_intel_list" cause slowness, i.e. does
increasing the number of IPs in the list increase the latency (make it slower) as well?

Q3: *** this question is crucial ***
We plan to break down that single rule to multiple rules ie 1 rule for 1 IP from
Threat Intel to block so that we can assess if there are hits & subsequently
assess whether to remove rules that don't have hits after, say 6 months so
as to reduce the # of rules & load to the firewall: is this a good practice in
terms of making the firewall faster?  In terms of cybersecurity, was advised
by one vendor this is a safe practice as IOCs that are 'dormant' ought to be
removed, just like AV vendors removed signatures for viruses that have not
been seen in the wild for quite a while to reduce the size/length of the AV
signature file/DB.

Q4:
To do firewall rules review (ie remove rules,  permit or block rules: permit as
it means the endpoint device may have been decomm'ed & block if the IOC
is not active), reckon we review if there are hits.  Heard …
Hi All,

We are trying to help an external company who wish to publish their Juniper Firewall for remote management. We can ping the external address quite happily, however we cannot connect to the web ui over http. On the untrusted interface under management services / other services, ping and web ui are ticked. If we untick the ping we can see that external pings do drop off, so this works. I have confirmed with the ISP that there is nothing their end that would block the connection.

Any suggestions?

Thanks for your help.
Paul
Network access/routing issue. The configuration that is in place worked perfectly fine until the broadband ISP switched out their cable modem. See attached diagram for clarification.
The issue at hand is that before the cable modem gateway was replaced, any workstation on the local LAN (192.168.1.x) was able to access the DVR/NVR camera system using its address of 10.1.10.101. However, now that address is pingable from the 192.168.1.x network, but no other network access works (i.e. the NVR software can't connect to it). The NVR system is still accessible from offsite by using the public static IP of the ISP gateway, which has port forwarding to the NVR device. In an ideal world, I would have had the camera system installed behind the network firewall so all devices were on the same IP network. So I am looking for some input on what might be going on here. Why would the old ISP gateway allow the communication but the new gateway appears not to? Is there something that we should communicate to the ISP to change in their gateway to fix this issue?

Any insight is appreciated.
We are setting up a remote office with a FIOS internet connection.  Remote office users will connect to the main office using VPN.  Do you think I will need a firewall appliance at the remote office location?  I'm not sure it is necessary since users work from home and connect to the office using VPN and they do not have firewalls at home.  

Thanks,
cja
I am trying to log SonicWall capture logs to an FTP server but it fails. I have attached a pcap file of the failure (failed-ftp.pcapng).
Dear Experts,

Previously, with the FortiClient, I was able to SSL VPN to my office network.

Now when I try to connect after keying in the FortiToken, it says permission denied (-455).

After upgrading our FMC 4500 to 6.5.0, we can no longer SSH into it.

Here are the symptoms:

1. Before upgrade, we could successfully use Putty and SecureCRT to access CLI via SSH

2. We are trying to use Putty and SecureCRT and neither emulator is working after the upgrade.

3. SecureCRT says "password authentication failed"   see pic

4. Putty says "access denied"    see pic

5. We have verified usernames and pw's of people attempting to access and they have admin rights.

6. We have attempted multiple users

7. We are not using external authentication. All of our users have local accounts to the FMC

8. See attached FMC log file too.
"Forwarded" domain unreachable. Users get "Page Can't Be Displayed" when trying to access website forwarded using GoDaddy to another domain. forward is a "permanent (301)" and set for "forward only" (No Masking). SonicWALL firewall with all Security Services disabled still cannot access. Other sites with similar FW can access site successfully.
Normally I've configured PANs from their own GUI. On this gig, I need to push the network, zones, routes etc from templates in Panorama. I've upgraded the code and updates in standalone. Their management interfaces and routes are all set. I think I'd need to configure HA in standalone before pushing the network template to the pair from Panorama. Are there any other elements to consider deploying on firewalls themselves before pushing the network template? I found a PAN document on pushing network template from Panorama but it didn't address the HA issue unless I was using Active/Active in which case they recommended using two separate templates. But this is just old fashioned active/passive.
Hi,

I have a question. Can we manage a Firepower 4110 without using FMC (Firepower Management Center), or will I need to buy one?
Which appliance or virtual FMC do I need to buy, and is there any free license or not?

Thanks in advance
Dear Experts
We had to install Cisco FMC as a VM appliance on VMware; the engineer completed this task. But in the VMware web console the status is showing as "Warning", along with the following event message:
1. The configured guest OS (Other 2.6.x Linux (64-bit)) for this virtual machine does not match the guest that is currently running (Other 3.x Linux (64-bit)). You should specify the correct guest OS to allow for guest-specific optimizations. Warning
2. Another issue is that when we shut down the FMC safely for server maintenance and later started it again, it has now been turned on for more than 4 hours but it is still showing "System processes are starting, please wait." when we access the FMC.
Please help on how to fix the above 1 and 2, thanks in advance.
Dear Experts
We have installed a Cisco FTD 1010 for routing and firewall and Cisco FMC for managing the FTD. We have a CISCO 1830 SERIES (WIRELESS ROUTER) integrated with Windows AD and a Windows RADIUS server for wireless users of Windows AD to access the network. Now we would like to implement the best-practice method for guest users.
1. Please suggest whether we should create guest users in Windows AD and provide these details to guests. Guest users would only require the internet, hence I am not sure this is best practice; I think if we go by this approach then guest users will connect to the same network.

2. Or should we create guest users at the Wi-Fi device level and separate the guest network from the private LAN (so that it assigns IPs to the guest users and they are not connected to our internal network)? Please suggest the best practice.

Thanks in advance.
Hi All,

We use a WatchGuard Firebox as our firewall. Over the last couple of days it has detected and blocked a relatively high (for us) volume of activity (100 hits) that it labels as MASSCAN Activity. I have traced this back to a handful of IP addresses. These tried to attack a couple of our web servers that we have to publish on the internet. Only ports 80 and 443 are open on these connections.

Is there anything I can or need to do to help stop this activity, or is it one of those things I have to live with as long as WatchGuard is blocking it?

Cheers,
Paul
Will a Cisco 1000BASE-SX SFP work in a Palo Alto Networks PA-3020 SFP slot?
My googling is not being helpful on this one. Thank you.
Dear Experts
We have to restrict internal users from accessing the internet, but the requirement is that they have to access their G Suite email accounts via the email client software MS Outlook to send or receive emails. We have a Cisco 1010 firewall, and it is integrated with Windows AD. Please help with what ports need to be opened or any URLs that need to be allowed at the firewall so that users can access their G Suite email accounts through the email client software.

Hello.  Let me first explain our problem and a brief explanation of our setup, and then I will go into details.

We currently have a Cisco Firepower 2110 and are using this for a site-to-site VPN to our other building. There are no issues here. We are attempting to set up a RA VPN, and when testing - by allowing inside interface as access - we can connect internally. The problem is we can not connect externally.

I did have a Cisco ASA 5500 series before, and we did have a S2S and RA VPN functional on it.

Now, here are the details.

Cisco FP 2110, managed through FMC, IP: 192.168.80.45, FMC .46.

Objects
     int.grp.vlans: 192.168.1.0/24, 192.168.10.0/24 ... 15, 20, 40, 60, 70, 80
     vpn.net.vpn: 192.168.110.0/24 (VPN Pool is 192.168.110.100-200)

Interfaces

Eth 1/1 - WAN / Outside / 96.x.x.17 / 255.255.255.240
Eth 1/2 - Inside / inside 192.168.1.254 / 255.255.255.0

Routing
    (routing table screenshot attached)
NAT Translation
    (NAT translation screenshot attached)
Access Policy
    (access policy screenshot attached)
I am desperate to get this to work, as it needs to be up by November 5th. I have zero idea why this is not working, and am sure it is something very simple I am missing. I have set this up before and had no issues. We did try using a different outside port (500). When we did, we received this in the connection log:

(connection log screenshot attached: Outside Access Port 500)
Thank you in advance, and please ask for any other required information!
Dear Experts

Please help me with "how to" steps to generate a CSR for installing an SSL certificate on Cisco Firepower Management Center (FMC) for Firepower Threat Defense (FTD), either through SSH or through the web interface login. Thanks in advance.
Hi Expert,

I am currently learning the FortiGate firewall. I would like to check what some of the routine tasks are that need to be done, and also what some of the rules are that you would create and use, and some important things to take note of.

Thanks!
Our company website is working fine and is accessible externally however all internal clients cannot access the site through our Smoothwall filter.

Our website is on the same domain as our internal domain and we have a www record in DNS pointing to the external web server’s IP address.

None of our clients can navigate to or ping the website. I logged into the Smoothwall and under the IP Tools section ran a ping to the company website and got 100% packet loss yet pings to all other and obvious blocked sites get through fine so it’s not filtering.

Also, if I run the ping tests from the 4 internal Ethernet port interfaces we have set up in Smoothwall I get a 100% failure, yet if I use the external Ethernet port the ping works.

It seems to be a DNS issue and the Smoothwall doesn’t seem to know how to either get to our website or deal with the response back from our internal DNS server, or possibly isn’t getting a response back.

The strange issue that has really stumped me is both my IP address and one other in our internal range can access the site fine internally. My IP and the second one that works are both added as Exceptions in the Smoothwall but so are my colleagues and they are all getting site unavailable.

This has been working fine. Any ideas/pointers?
Looking for help getting my SonicWall log files to upload to the Microsoft Azure Cloud App Security system. I am trying to set up the SonicWalls so they forward their logs to MS to be analyzed. I need to have a forwarding machine installed to do this. They have a Docker image of Linux, but I can't seem to get it to work. My working knowledge of Linux is pretty limited. I have been using this article as a reference: https://blogs.technet.microsoft.com/cloudready/2018/03/07/configure-microsoft-cloud-app-security-to-analyze-sonicwall-logs/. Thanks
I have a client with a SonicWall TZ105, he currently has a tunnel from his home office to his work location.  He just purchased a Windows 10 laptop and wants to VPN  in when he is travelling.  Does the unit come with a license so he can do this or is an additional license required to be purchased and installed?  What is the best client to use on the laptop?