Software Firewalls

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

I am on an Amazon Linux 2 AMI running Apache 2 and I need a software solution for security. I have been told mod_security isn't a good choice. So does anyone have experience with the AWS WAF? If so, what rules are you using?

Or, do you have another idea altogether?

On my previous instance I used fail2ban but I found the bots could outsmart fail2ban so hopefully someone will have a better choice.

Let me clarify: my biggest problems are Postfix issues, stopping DDoS, and bots running up and down my site stealing bandwidth, clicking on every link and having numerous disk I/Os which I have to pay for.

By the way, I am not interested in using another AMI due to the complexity of my existing AMI.
0

Hi, All.

I have an issue with iptables rules. The image below shows my iptables rules, but I cannot "telnet" to port 2196. I've directly edited "/etc/sysconfig/selinux" and restarted iptables. SELinux is disabled.

What am I doing wrong?

0
Dear All,

We are planning to install a new Windows server 2012 domain controller on our network and join the existing domain. However, the original domain controller is located on another sub-network protected by firewall.  We have opened the firewall rules (Two-ways) according to the link https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10) which are as follows:

LDAP (TCP/UDP 389)
LDAPS (TCP 636)
TCP 3268
TCP 3269
Kerberos (TCP/UDP 88)
DNS (TCP/UDP 53)
TCP/UDP 445
TCP 25
TCP 135
TCP 49152 TO 65535
TCP 5722
UDP 123
TCP/UDP 464
UDP 49152 TO 65535
UDP 138
TCP 9389
UDP 67 and 2535
UDP 137
TCP 139

while all other ports other than the above are dropped.

We have configured the DNS server of the new Domain Controller to point to the first Domain Controller on the other subnet. Both servers are running Windows Server 2012 Standard edition. When we try to promote the new server to DC and add a domain controller to an existing domain, the following error is prompted:

"Verification of replica failed, An Active Directory domain controller for the domain could be contacted. Ensure that you supplied the correct DNS domain name"

After we requested our firewall team to open Any-To-Any (Two Way) between the first and new domain controller, the above error message disappeared and we were able to join the domain. The firewall is managed by another team so we cannot check the deny log on the firewall.


Our …
0
I am trying to take backup of my ASA through tftp.

Command: ASA01/Hyb(config)# write net 172.24.50.9:/Test-561.tmp

Response: Building configuration...

                      INFO: Default tftp-server not set, using highest security interface Cryptochecksum: ******************************** !

%Error writing tftp://172.24.50.9 //Test-561.tmp;int=inside (Timed out attempting to connect) [FAILED]

 Also after executing this command,  Test-561.tmp is created in TFTP directory but with size 0

TFTP server is installed in Linux, tftp is working fine as I am able to take backup of other ASA which is in the same network.
 

Your help will be appreciated.

Thanks,
Dilraj Kumar Paswan
0
How can I configure Windows Firewall "Allowed Apps" through group policy?

On Windows computers, this can be found within the "Control Panel\All Control Panel Items\Windows Firewall\Allowed apps" applet.

0
We have a Cisco wireless controller 2500, which does not support web filtering. I just want to do web filtering for my office Wi-Fi.

So can I use any tool in the DNS server to block websites?

Please suggest some simple and open source tool.

Thanks
0
What settings need to be changed within the Server 2016 firewall settings to allow domain admins to browse the C$ shares?
0
I am not very familiar with Windows Server firewall settings. I think I need to set a rule to allow HTTPS Traffic-in and was trying to use the World Wide Web Services(HTTPS Traffic-In) rule. Is this in a group that I would find by selecting a predefined rule type? Or do I just have to pick the port and manually type it in? I can't find it predefined anywhere.



Thanks
0
Hi Anyone,

Can anyone advise how to troubleshoot this error, as attached?

1. I am able to ping, and SCCM can detect the client and it is active.
2. When I try \\LIOE17BSD1889LC\admin$, I have the local admin password but just can't connect; trying domain\admin, .\admin or \admin still doesn't work.

I tried to go to client action > Run Software Inventory Cycle and got this error.

Pls advise.

Tks.

Lucky
0
Can we use Let's Encrypt certificates for a SonicWall firewall?
Issue: DPI SSL is enabled for users and the firewall's self-signed SSL certificate is pushed to clients by GPO. But when applying the filtering rules for mobile users (smartphones, iPhones, iPads and other computers that are not part of the internal domain) they get an SSL not trusted error. We cannot perform HTTPS filtering with this error. So is there any way to use a publicly trusted certificate for my SonicWall local IP, or any workaround to filter HTTPS for those clients?
Sonic OS 6.5 later

Thank you.
0

I am looking for some discussion and feedback on best practices for managing a firewall with HTTPS Inspection/URL and Application Filtering and dealing with a consistent issue with CDN resources somehow not being successfully pulled down and resulting in a page not loading. This could be due to any of the blades of the firewall affecting the ability for it to load, including the inspection, a particular CDN not already being whitelisted, or an ASK for verification of use policy not showing because it's being pulled down as a .js resource.

In a nutshell, I want to hear how other firewall admins are managing the constant need to allow CDN resources to sites for user bases with no real streamlined way to proactively plan for it or even sometimes resolve it in a reasonable amount of time.

For example - I am experiencing an issue where a user cannot access a certification site. The site is pulling down resources from Cloudflaressl, cloudfront and facebook. The domain addresses are very specific and I don't think bypassing HTTPS inspection, if that's the issue for these domains, is a good call. What do you do short of turning the firewall off? : )

Thanks in advance.
0
My goal is to be able to connect to private network located behind OpenVPN client (192.168.1.0/24) via OpenVPN server WAN interface.
For example I want this forwarding: http://{Ubuntu WAN IP}:443 -->  http://{Private LAN IP behind OpenVPN client }:443
Please take a look at the attached screenshot.
-  Ubuntu VPS knows the route to private LAN subnet that is behind OpenVPN client (192.168.1.0/24) and MikroTik router knows the route to OpenVPN subnet (192.168.7.0/24).
- I can connect to Ubuntu VPS via SSH and successfully ping the MikroTik OpenVPN interface (192.168.7.2), and I can also ping any host from the MikroTik private LAN subnet that is behind the OpenVPN client (192.168.1.0/24). Needless to say, the private LAN hosts that are behind the OpenVPN client (from the 192.168.1.0/24 subnet) can easily ping the Ubuntu OpenVPN interface (192.168.7.1) too.
- Also any host from OpenVPN subnet (192.168.7.0/24) if connected to OpenVPN server via OpenVPN client allows communication like http://{Ubuntu WAN IP}:443 --> http://{Private IP of OpenVPN client}:443 using UFW NAT rule.
But:
When I’m trying http://{Ubuntu WAN IP}:443 --> http://{Private LAN IP behind OpenVPN client}:443 I have following behavior:
1)      Packets successfully arrive to host behind OpenVPN client (to any host from 192.168.1.0/24 )
2)      But the host of this subnet can't route back this received public IP packet via OpenVPN tunnel, it replies using ISP WAN address.

I would be very happy if someone is able to help me solve this …
0
Hi, I'm looking for an easy way to shut off Windows Defender, Defender notifications and Windows Firewall until I tell it to turn back on. A program would be nice, but command lines would be fine also. I can get them off, but they just keep turning back on.

Thanks all.
0
I couldn’t upgrade my firmware on the Cisco rv325 router that's attached to  my Server 2016 essentials environment.  I signed on to ServerWSE and used Chrome to 192.168.16.1. I started the upgrade, and the progress bar kept spinning for 30 minutes, then went away.  But the router still had the old firmware.

I called Cisco and their Engineer said it failed because I must first turn off the windows firewall which should be done on a client computer, not the main server.

We then spent 40 minutes trying to turn off the firewall on my Windows 10 Pro laptop.

The problem is that the firewall settings says “for your security some settings are controlled by group policy”.

I am our small business's tech guy, but I know very little about GPO, and the Cisco Engineer knew less.  We turned off laptop's antivirus, and signed on as cpulaptop\Administrator but that did not help.

Does anybody know a simple way to temporarily turn off the firewall?  

If so please let me know.  

If there is not a simple way, perhaps someone can help me with GPO.  I already did the following research, but I am not making much progress.

Link#1: I found this article which shows me how to create a domain level policy that turns off the firewall for everybody. https://prajwaldesai.com/how-to-turn-off-windows-defender-using-group-policy/

But that is way overkill. I want to turn it off only for cpuLaptop. Ideally, it would only be off when signed on as cpuLaptop\Administrator.

Link#2: I then …
0
Hello everyone! Perhaps somebody could help me. I am trying to configure firewalld (CentOS 7) so the public network only has access to http and https services, but my trusted networks have access to ssh, webmin, http, https, etc...
Btw I have only 1 interface.

I need to achieve something like this:

PUBLIC ZONE:
-source: 0.0.0.0
-interface: eth0
-allowed services: http, https

TRUSTED ZONE:
-source: 192.168.10.0/24
-interface: eth0
-allowed services: http, https, ssh
-allowed ports: 10000

How can I do it?
0
Hello, could you help with this issue? I can't push a policy in Check Point; I have this error:
Could you help me?
0
I have an issue where I'm sure someone is hacking our network, specifically four machines.  I have witnessed them going into my home folder and deleting my trash on these machines.  They are also able to change the camera settings.  For example, they're zooming in to locations.  They are doing playback.  This all happens between the hours of 12am-2am.

I'm using:
Windows 10
Palo Alto Networks
Security Camera Milestone software.  https://www.milestonesys.com
The cameras are made by Mobitics.

What I've narrowed it down to is this happens when the security camera milestone software is up and running on the four machines.  When I turn that software off there's no connectivity or suspicious things going on.

What I need to know is how do I find out who is doing this?  How can I get an IP address?  Are they inside my network or outside my network?

I would even appreciate a recommendation of a security company that knows how to track intruders down.

Note:
I've checked the parking lot and areas of the campus to see if someone is physically here, but I don't see anyone. I've also contacted Milestone software and they've recommended I change my password and the camera's password, but we are still having an issue.
0
Dear Experts,

I'm using server 2012 r2.

A strange issue (at least to me it's strange) -

Some of the domain-attached clients are being blocked by the firewall; when I turn off the firewall the problem disappears.

From the firewall log -

2018-05-12 11:35:31 DROP UDP 192.168.1.3 192.168.1.111 55667 53 60 - - - - - - - RECEIVE
2018-05-12 11:35:31 DROP UDP 192.168.1.3 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2018-05-12 11:35:32 DROP UDP 192.168.1.7 192.168.1.111 51933 53 62 - - - - - - - RECEIVE
2018-05-12 11:35:32 DROP UDP 192.168.1.3 192.168.1.111 55667 53 60 - - - - - - - RECEIVE
2018-05-12 11:35:32 DROP UDP 192.168.1.3 192.168.1.255 137 137 78 - - - - - - - RECEIVE

Incoming connections to 53 (dns) and 137 (network discovery) are dropped ..

Port 53 is in the server firewall to allow any , it has 'block edge traversal' set on.

Any ideas ?

Thanks.
0
Hello Experts,

Can someone please take a look at my Task Manager and let me know if it's normal for Bitdefender and Google to be taking up so much memory. At the moment, I'm only running one instance of Google and yet it shows 11 instances running.



Any thoughts will be greatly appreciated.
0

We are contemplating whether to use McAfee endpoint security's firewall or Windows firewalls
on our 30+ branches : the branches have some crucial Desktops running database services:
though the branches (ie spoke) connect back to our DC (ie hub), potentially some branches
may have their own broadband (or even just via 4G).

It's a debate between our Windows Desktop & our Firewall admins which one to use.

I know in previous Deep Security, I will have to create numerous 'policies' : one for each
branch though the branches have the same desktops running database services listening
on the same ports and when I upgrade the agents centrally from the EPO, had run into
issues:  modules (eg: Firewall or File Integrity Monitoring) that are not enabled previously
(say for servers), got auto-enabled.

So not sure if McAfee Firewall has similar or any other issues: kindly elaborate
0
Cannot access FTP Server (Win2016Std) from Internal.  (or from outside, when used with WordPress as a client)

FTP Server (10.0.5.15) and IIS on same server behind firewall (TMG 2010). Configured publishing rule to forward External IP (X.X.X.X) to Internal (10.0.5.15)

All firewall rules are configured. Can connect from outside by FTP client (PASV) - no problems! Do not really need to connect from LAN, but

THE PROBLEM IS:

WORDPRESS SITE requires FTP Server setup on WEB Server to upload Updates from WEB Site.

When I try to ftp from WordPress it sends internal IP of the WEB Site as a client IP (10.0.5.15) not the Client IP of the Browser machine.
So, TMG does not allow internal to external loopback...

Any solution?
0
Blocking webmail on Cisco Umbrella but allowing Gmail, Office 365 links

The problem is I am allowing gmail.com and mail.google.com, but when I block the webmail category it also blocks Gmail. Any idea what other URL I need to allow?
0
Hi Guys

I am looking for the experts in the security field that could help me with this one.
What would be the pros and cons when it comes to open source firewalls and commercial firewalls?

IE support / costs etc.

What would be the best to use, that would be compatible with Azure VPN Route base and policy based routing for site to site / remote branch connectivity?
0
Hello Experts
I'm trying to set up WCCP between a Cisco 6500 router and a Bluecoat ASG-S200.

This is the WCCP configuration on 6500 side :


access-list 150 permit tcp any any eq www
access-list 150 permit tcp any any eq 443

ip wccp web-cache
ip wccp 90 redirect list 150

int vlan 100
description << Client VLAN >>
ip wccp 150 redirect in




sh ip wccp 90 detail
        No information is available for the service




Debugging on Cisco 6500

8385566: 20w4d: WCCP-EVNT:D150: Here_I_Am packet from 10.1.150.2: service not active



Thanking in advance
0
Website can't be reached from the internal network!

I have a weird issue that came up. We have a company website that is hosted on Godaddy.com and working. I can access it from outside of my network and without our router/firewall. I plugged my laptop directly into the ISP modem and can access the website fine. I can ping by the IP address of the site and by the name of the address. I can ping www.website.com or website.com just fine.
I can nslookup from an internal computer and it comes up with the correct IP address. I cleared the cache on the internal DNS server. I tried turning off the firewall (Cisco RV345P).
None of these are working. Help!!!
0
