
Firewall Policy

CounterACT 6.3.4.0

Customer Training

Virtual Firewall Policy, 1

2009 ForeScout Technologies

Agenda
- What is Virtual Firewall Protection?
- Central Management
- Blocking Rules
- Allow Rules
- Configurations Affected
- Export Rules
- CounterACT Rule Priorities
Chapter 11, Managing your Virtual Firewall, 6.3.4.0 Console User Manual

What is Virtual Firewall Protection?


Virtual firewall protection lets you create network security zones to give you more control over network traffic:
- Close off network segments entirely to deal with new threats and vulnerabilities
- Close off network segments to hosts/user groups
- Designate business-critical services that should always remain open
- Prevent unwanted protocols from moving within your network (for example, prevent RPC traffic from being transmitted between various departments)
Menu Bar: Tools > Virtual Firewall

What is Virtual Firewall Protection? (cont'd)

CounterACT's virtual firewall gives you all the benefits of an inline firewall without being located inline, so there are no latency issues.

Menu Bar: Tools > Virtual Firewall



Central Management
- Virtual firewall rules are centrally managed from the Enterprise Manager
- Rules cannot be managed from individual Appliances
- Rules are applied across the enterprise

Disabled for individual Appliances


Tool Bar: > Virtual Firewall

Blocking Rules
Prevent outbound traffic at source IPs from reaching target hosts/services


View Blocked Events


View hosts blocked by a blocking rule; useful for troubleshooting

Menu: Log > Blocking Log



Allow Rules
- Allow outbound traffic at selected source IPs to reach target hosts/services
- Access is permitted at target IPs regardless of other CounterACT block settings
- Use, for example, to keep mission-critical services open

Tool Bar: > Virtual Firewall

Configurations Affected by Virtual Firewall Policy


- Rules defined directly from the Virtual Firewall box
- Hosts detected via Policy Virtual Firewall action
- Authentication services defined via Group feature
- Virtual Firewall rule defined from the Control Center
- Protected services defined via Vulnerability Scan
- Defend as result of Network Portal access


Export Rules
Export Virtual Firewall rules to a .csv file for reporting purposes

Tool Bar: > Virtual Firewall > Export

CounterACT Rule Priorities


Rules created directly via the Virtual Firewall dialog box take precedence over Virtual Firewall rules created via Policy.

CounterACT rule hierarchies, from highest to lowest:
1. Virtual Firewall - Allow rule
2. IPS Policy - Malicious Blocked (host, port) and Virtual Firewall Block rule
3. Group Definition - Authentication Servers (allow access)
4. Policy - Virtual Firewall Block
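
A small model of the hierarchy listed above, added here as an example (it is not ForeScout code and not part of the training deck): it resolves which rule wins when several match the same flow. The origin labels, the CIDR/port matching model, the "allow" default when nothing matches and the sample addresses are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# origin -> (tier, verdict); tier 1 is highest, in the order the slide lists.
TIERS = {
    "vfw_allow":     (1, "allow"),  # Virtual Firewall - Allow rule
    "ips_malicious": (2, "block"),  # IPS Policy - Malicious Blocked (host, port)
    "vfw_block":     (2, "block"),  # Virtual Firewall Block rule (same tier)
    "auth_servers":  (3, "allow"),  # Group Definition - Authentication Servers
    "policy_block":  (4, "block"),  # Policy - Virtual Firewall Block
}

@dataclass(frozen=True)
class Rule:
    origin: str                 # key into TIERS (labels are hypothetical)
    source: str                 # source range, CIDR
    target: str                 # target range, CIDR
    port: Optional[int] = None  # None means any service

    def matches(self, src, dst, port):
        # Assumed matching model: source range, target range, optional port.
        return (ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.target)
                and self.port in (None, port))

def effective_verdict(rules, src, dst, port):
    """Return (verdict, winning rule) for one flow.
    Assumption: a flow that matches no rule is left alone ("allow")."""
    hits = [r for r in rules if r.matches(src, dst, port)]
    if not hits:
        return "allow", None
    winner = min(hits, key=lambda r: TIERS[r.origin][0])
    return TIERS[winner.origin][1], winner

def overridden(rules, src, dst, port):
    """Matching rules whose verdict loses to the winner (audit aid)."""
    verdict, _ = effective_verdict(rules, src, dst, port)
    return [r for r in rules
            if r.matches(src, dst, port) and TIERS[r.origin][1] != verdict]

# Constructed sample rule set (addresses are made up for the example).
RULES = [
    Rule("policy_block", "10.1.0.0/16", "0.0.0.0/0"),
    Rule("auth_servers", "0.0.0.0/0", "10.0.0.10/32", 389),
    Rule("vfw_block", "10.1.5.0/24", "10.0.0.0/24"),
    Rule("vfw_allow", "0.0.0.0/0", "10.0.0.20/32", 443),
    Rule("ips_malicious", "10.1.5.7/32", "0.0.0.0/0", 445),
]
```

With this rule set, the Authentication Servers entry overrides a policy-created block for port 389 traffic, but not a block rule defined directly in the Virtual Firewall dialog.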


Questions?
