URL FILTERING IN FORTIGATE
URL filtering in FortiGate requires configuration of the following:
1. Interface/zone configuration
2. Static route configuration
3. URL filtering configuration
4. Security policy configuration
Topology: (diagram not reproduced here)
Interface and router configuration:
1. Configure the interface connected to the Linux VM on the private network and the management interface:
config system interface
    edit "port1"
        set ip 10.10.9.11 255.255.255.0
        set allowaccess ping https ssh http fgfm
    next
    edit "port2"
        set ip 15.15.15.102 255.255.255.0
        set allowaccess ping https ssh http
    next
end
2. Configure the interface connected to the internet:
config system interface
    edit "port3"
        set ip 10.48.110.206 255.255.255.0
        set allowaccess ping https ssh http
    next
end
3. Set a default route pointing to the internet-facing interface and a route for the management network:
config router static
    edit 20
        set dst 10.20.2.0 255.255.255.0
        set gateway 10.10.9.1
        set device "port1"
    next
    edit 1
        set gateway 10.10.9.1
        set device "port1"
    next
end
4. Create the zone configuration:
config system zone
    edit "dmz"
        set interface "port3"
    next
    edit "inside"
        set interface "port2"
    next
end
5. Create the URL filter table and the web filter profile that references it:
config webfilter urlfilter
    edit 363
        set name "web-filter-demo"
        set comment "web-filter-demo"
        config entries
            edit 208
                set url "www.yahoo.com"
                set type wildcard
                set action allow
            next
            edit 284
                set url "www.whatsapp.com"
                set type wildcard
                set action allow
            next
            edit 224
                set url "www.google.com"
                set type wildcard
                set action allow
            next
            edit 241
                set url "www.sdxcentral.com"
                set type wildcard
                set action block
            next
            edit 236
                set url "www.cnn.com"
                set type wildcard
                set action block
            next
            edit 278
                set url "www.bbc.co.uk"
                set type wildcard
                set action block
            next
        end
    next
end
config webfilter profile
    edit "web-filter-demo"
        config web
            set urlfilter-table 363
        end
    next
end
6. Apply a security policy from zone to zone (here inside to dmz), with UTM enabled and the web filter profile attached:
config firewall policy
    edit 1
        set name "security-policy-demo"
        set uuid e816fe0e-982c-51e7-d0cd-665a119a7840
        set srcintf "inside"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set comments "security-policy-demo-on-pan-os"
        set webfilter-profile "web-filter-demo"
        set profile-protocol-options "default"
        set nat enable
    next
end
Here the from/to (srcintf/dstintf) can be either a zone or a single interface.
Now, if we try to access www.run.com from the Linux machine, the firewall will deny access to it, because the URL request passes through the firewall.
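To sanity-check a urlfilter table before it is attached to a policy, here is an added example (not code from the original post or from Fortinet): a Python script that parses the config entries block in the CLI form used above and returns the action of the first entry matching a URL. It assumes entries are tested in ascending id order with first match winning, approximates the wildcard type with shell-style patterns rather than the FortiOS engine, and also handles the simple type, which the page does not use.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Constructed sample: two of the six entries of the page's urlfilter table 363.
URLFILTER_CONFIG = """
config webfilter urlfilter
    edit 363
        config entries
            edit 208
                set url "www.yahoo.com"
                set type wildcard
                set action allow
            next
            edit 236
                set url "www.cnn.com"
                set type wildcard
                set action block
            next
        end
    next
end
"""

def parse_entries(text):  # 'config entries' items as dicts, sorted by id
    entries, cur, inside = [], None, False
    for tok in (line.split() for line in text.splitlines()):
        if tok[:2] == ["config", "entries"]:
            inside = True
        elif inside and tok[:1] == ["edit"]:
            cur = {"id": int(tok[1])}
        elif inside and tok[:1] == ["set"] and cur is not None:
            cur[tok[1]] = " ".join(tok[2:]).strip('"')
        elif inside and tok[:1] == ["next"]:
            entries.append(cur)
        elif inside and tok[:1] == ["end"]:
            inside = False
    return sorted(entries, key=lambda e: e["id"])  # lowest id checked first (assumed)

def evaluate(url, entries):  # action of the first matching entry, or None
    p = urlsplit(url if "://" in url else "http://" + url)
    host, target = p.netloc.lower(), (p.netloc + p.path).lower()
    for e in entries:
        pat = e["url"].lower()
        if e.get("type") == "wildcard":  # shell-style * and ? (approximation, assumed)
            hit = fnmatch(host, pat) or fnmatch(target, pat)
        else:  # simple: exact host/path, or a sub-path below it
            hit = target == pat or target.startswith(pat.rstrip("/") + "/")
        if hit:
            return e["action"]
    return None
```

A URL that matches no entry returns None: the static table gives no verdict for it, and the rest of the web filter profile decides.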