Traditional firewalls focus on blocking simple threats and intrusions.

To enhance threat protection, business grade firewalls have added Unified Threat Management (UTM) services such as:

• Anti-Virus
• Anti-Spyware
• Intrusion Prevention
• Content Filtering
• Anti-Spam service

Most traffic passing through a firewall is not threat based, but is instead applications or data. This gives rise to the Application Firewall which can manage and control data and applications that pass through the firewall.

but blocking threats is just the beginning

What does it do?

The Application Firewall provides bandwidth management and control, application level access controls, data leakage control functionality, restrictions on the transfer of specific files and documents and much, much more.

How does it work?

An Application Firewall allows custom access controls based upon user, application, schedule or IP subnet level. This allows an administrator the ability to create policies that address the full range of applications that are available for access and for the first time truly manage them.

Allows you to classify, control and manage applications and data that pass through your firewall.

Access to streaming video sites, such as youtube.com, is sometimes useful but often abused.

Blocking the site might work, but the best answer could be to limit the bandwidth given to streaming video sites.

Create a Policy to limit streaming video

• Use the Deep Packet Inspection (DPI) engine to look for HTTP Host = www.youtube.com in HTTP header.
• Apply bandwidth restrictions to traffic with header

You can limit bandwidth for applications over specified times of the day - say from 9:00am until 5:30pm

Okay, so we just restricted bandwidth to www.youtube.com. Now your CEO and CFO are complaining that the "business news videos" they review each day are too slow. You could ease off on the bandwidth restrictions for everyone, but now there is a better answer - group-based bandwidth management.

Create a Policy to not limit streaming video for the executives

• Apply this policy to the "executive" group imported from your LDAP server
• Use the Deep Packet Inspection (DPI) engine to look for HTTP Host = www.youtube.com in HTTP header
• Apply bandwidth guarantee to traffic with that header

You have anti-spam protection right?

Okay, lLet's assume your existing anti-spam protection can detect and block a normal outbound email that contains "Company Confidential" information.

But, what if an employee uses a web based mail service such as Yahoo or Gmail to send out "Company Confidential" information?

Create a Policy to block "Company Confidential" email

• Deep Parket Inspection (DPI) engine looks for Email Body = "Company Confidential"
• Block messages and notify the sender that the message is "Company Confidential"

Your Boss: Wants to use Interet Explorer (IE) 7.0 as the company standard browser

Your Mission: Ensure all company systems are using IE 7.0 - nothing else!

Your Possible Solutions:

1. Physically check everyone's system each day for "Foreign" browsers
2. Set-up some type of script to check everyone's system for "Foreign" browsers and make sure it checks everyone's system everyday.
3. Set up a policy in the Application Firewall and stop worrying

Create a "I've got better things to do" Policy

• Deep Packet Inspection (DPI) engine looks for User Agent = MSIE 7.0 in HTTP header
• Allows IE 7.0 traffic and blocks other browsers

You set up an FTP site for the exchange of large files with one of your business partners and you want to make sure that only the project manager at the partner and no one else can upload files.

Create a Policy to allow FTP uploads, but only for certain people

• Deep Packet Inspection (DPI) engine looks for FTP Command = PUT
• DPI engine looks for Authenticated User Name = "pm_partner"
• If both are True then allow PUT

You can also disallow any FTP commands you think are "unnecessary" for a given FTP server

Problem 1: Peer-to-Peer (P2P) applications such as BitTorrent can steal bandwidth and bring with them all kinds of mischevious files.

Problem 2: The creation of new P2P applications or simple changes to the existing P2P applications, like a version number changes, happen all the time.

Create a Policy to detect P2P applications

Deep Packet Inspection (DPI) engine looks for a P2P Application signature on the IPS signature list...

P2P applications can be blocked or just limited through bandwidth and time-based restrictions

Streaming audio sites and streaming radio sites consume precious bandwidth, but there are legitimate business reasons to access such sites.

There are two ways to manage this challenge:

Control by Web Site

Create a list of streaming audio sites you would like to manage

Create a Policy to detect streaming audio sites

• Use the Deep Packet Inspection (DPI) engine to look for HTTP Host = Streaming Audio Site block list in HTTP header

Control by File Extension

Create a list of audio file extensions you would like to manage

Create a Policy to detect streaming audio content

• Use the Deep Packet Inspection (DPI) engine to look for File extension = Streaming Audio Extensions block list in HTTP header

Once "detected" you can block or just bandwidth manage the streaming audio

Today many mission-critical applications, such as SAP, Salesforce.com and SharePoint are cloud based or they are running across geographically dispersed networks. Ensuring these applications have priority to get the network bandwidth they need to operate can improve business productivity.

Create a policy to give bandwidth priority to the SAP application

• Deep Packet Inspection (DPI) engine looks for the application signature or application name
• Assign the SAP application a higher bandwidth priority

Application priority can be date based (think end-of-quarter priority for sales applications)

In some companies, outbound email does not pass through their email security system or that system does not check the content of email attachments. In either case "Company Confidential" attachments can easily leave the organisation.

Since outbound network traffic goes through your firewall, you can detect and block this "data-in-motion"

Create a Policy to block email attachments which contain the "Company Confidential" watermark

• Deep Packet Inspection (DPI) engine looks for:
  Email Content = "Company Confidential" and also
  Email Content = "Company Proprietary" and also
  EMail Content = "Private Prorietary" and... you get it

This can be done for FTP based content too!

Can your Firewall block any of the following?

• An EXE file being downloaded from a web page
• An EXE file as an email attachment
• An EXE file from being transferred via FTP
• How about PIF, SRC or VBS files?

Create a Forbidden File Extension List

Create a Policy to block forbidden file extensions

• Deep Packet Inspection (DPI) engine looks for File Extensions in HTTP, Email Attachment or FTP = Forbidden File Extension, If file blocked, send Notification

HIGH PERFORMANCE FIREWALL

+

UNIFIED THREAT MANAGEMENT

+

APPLICATION FIREWALL

+

MANAGED, MONITORED, SUPPORTED AND ENHANCED SERVICE

=

solved.it AND SonicWALL Network Security Applicance
Performance, Protection, Pin-Point Control and Support
Tel: 01565 756 170 and speak to a member of our team to find out more