09 Firewall Policy

  • 8/4/2019 09 Firewall Policy

    1/12

    Virtual Firewall Policy, 1 2009 ForeScout Technologies

    Firewall Policy

    CounterACT 6.3.4.0

    Customer Training

    Agenda

    What is Virtual Firewall Protection?

    Central Management

    Blocking Rules

    Allow Rules

    Configurations Affected

    Export Rules

    CounterACT Rule Priorities

    Chapter 11, Managing your Virtual Firewall, 6.3.4.0 Console User Manual

    What is Virtual Firewall Protection?

    Menu Bar: Tools > Virtual Firewall

    Close off network segments entirely to deal with new threats/vulnerabilities

    Close off network segments to hosts/user groups

    Designate business-critical services that should always remain open

    Prevent unwanted protocols from moving within your network (prevent RPC traffic from being transmitted between various departments)

    Virtual firewall protection lets you create network security zones to give you more control over network traffic

    What is Virtual Firewall Protection? (cont'd)

    Menu Bar: Tools > Virtual Firewall

    CounterACT's virtual firewall gives you all the benefits of an inline firewall, without being located inline. This means there are no issues of latency.

    Central Management

    Virtual firewall rules are centrally managed from the Enterprise Manager

    Rules cannot be managed from individual Appliances

    Rules are applied across the enterprise

    Disabled for individual Appliances

    Tool Bar: > Virtual Firewall

    Blocking Rules

    Prevent outbound traffic at source IPs from reaching target hosts/services

    View Blocked Events

    View hosts blocked by blocking rule, useful for troubleshooting

    Menu: Log > Blocking Log

    Allow Rules

    Allow outbound traffic at selected source IPs to reach target hosts/services

    Access permitted at target IPs regardless of other CounterACT block settings

    Use, for example, to keep mission-critical services open

    Tool Bar: > Virtual Firewall

    Configurations Affected by Virtual Firewall Policy

    Rules defined directly from the Virtual Firewall box

    Hosts detected via Policy Virtual Firewall action

    Authentication services defined via Group feature

    Virtual Firewall rule defined from the Control Center

    Protected services defined via Vulnerability Scan

    Defend as result of Network Portal access

    Export Rules

    Export Virtual Firewall rules to a .csv file for reporting purposes

    Tool Bar: > Virtual Firewall > Export

    CounterACT Rule Priorities

    Rules created directly via the Virtual Firewall dialog box take precedence over Virtual Firewall rules created via Policy

    CounterACT rule hierarchies, from highest to lowest

    Virtual Firewall - Allow rule

    IPS Policy - Malicious Blocked (host, port) and Virtual Firewall Block rule

    Group Definition - Authentication Servers (allow access)

    Policy - Virtual Firewall Block
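
The precedence order on this slide, modelled as a small conflict resolver for checking which rule wins when several match the same flow. This is an added example, not ForeScout code: the rule model, the source labels and the sample addresses are assumptions, and IPS block and Virtual Firewall Block share one tier because the slide lists them together.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Rule sources in the slide's order, highest precedence first (tier 0 wins).
# The keys are hypothetical labels for this sketch, not CounterACT identifiers.
TIERS = {
    "vfw_allow":    (0, "allow"),  # Virtual Firewall - Allow rule
    "ips_block":    (1, "block"),  # IPS Policy - Malicious Blocked (host, port)
    "vfw_block":    (1, "block"),  # Virtual Firewall - Block rule
    "auth_servers": (2, "allow"),  # Group Definition - Authentication Servers
    "policy_block": (3, "block"),  # Policy - Virtual Firewall Block
}

@dataclass(frozen=True)
class Rule:
    name: str
    source: str            # key into TIERS
    src: str               # source range, CIDR
    dst: str               # target range, CIDR
    port: Optional[int]    # None means any service

    def matches(self, src_ip: str, dst_ip: str, port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.port in (None, port))

def decide(rules, src_ip, dst_ip, port):
    """Return (action, winning rule name, shadowed rule names) for one flow."""
    hits = sorted((r for r in rules if r.matches(src_ip, dst_ip, port)),
                  key=lambda r: TIERS[r.source][0])
    if not hits:
        return ("no-match", None, [])   # default handling is not covered by the slides
    return (TIERS[hits[0].source][1], hits[0].name, [r.name for r in hits[1:]])

# Constructed sample rule set (addresses and names are made up).
RULES = [
    Rule("policy-noncompliant", "policy_block", "10.30.0.0/16", "0.0.0.0/0", None),
    Rule("auth-dc", "auth_servers", "0.0.0.0/0", "10.1.1.10/32", 389),
    Rule("quarantine-lab", "vfw_block", "10.20.0.0/16", "0.0.0.0/0", None),
    Rule("keep-dns-open", "vfw_allow", "10.0.0.0/8", "10.1.1.53/32", 53),
]

if __name__ == "__main__":
    for flow in [("10.20.5.5", "10.1.1.53", 53), ("10.20.5.5", "10.1.1.10", 389),
                 ("10.30.5.5", "10.1.1.10", 389), ("192.168.1.1", "192.168.1.2", 80)]:
        print(flow, "->", decide(RULES, *flow))
```

The second flow shows a direct Virtual Firewall block overriding the Authentication Servers allowance, which is the case most likely to surprise during troubleshooting.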

    Questions?