From the description I'm not completely sure whether you have the device configured in the Layer 2 Firewall or IPS role. What is relevant for this task is whether the device is inline or only monitoring traffic, i.e. has a capture interface where network traffic is forwarded. The device has to be inline to be able to actively block traffic. Passive mode, on the other hand, refers to a generic option turned on to only log, even if the configuration is set to Discard/Terminate.
To block a specific web site you should create an HTTP URL Filtering Situation and use that in the Inspection policy. Direct link to Online Help: http://help.stonesoft.com/onlinehelp/StoneGate/SMC/5.9.2/GUID-6A4811A6-C8D6-4922-B7BD-5F4F3A93FF9C.html
NGFW can also do category-based web filtering.
Hi Sir Vnippula,
Good day. First of all, thank you for the response to my question, and also sorry if my English is bad and the description of my issue is vague. I'm new to this product and I only know how to install the SMC and connect the appliance to the SMC.
My current setup is a Layer 2 firewall:
Interface 0 - firewall appliance in Layer 2 Firewall Role
Interface 1 (inline to Interface 2) - My laptop
Interface 2 - Internal network (test laboratory)
My goal is to monitor all the websites visited from my laptop and also the workstation in the test laboratory. Then I will look in the report logs for websites that are not related to work and block them.
For the HTTP URL filtering situation in the Inspection policy, I already did the configuration but it's not working, and I'm still trying to troubleshoot my config but I cannot fix it. I also tried to run a report on Top URL Categories but there is no output.
Again, many thanks for the response.
For the firewall to log the visited websites, you need to use the "HTTP (with URL logging)" service in your access rule. This creates an additional HTTP_URL-Logged log entry when a URL is detected, and this data can be used in reports. For example, "Top HTTP requests" shows the ranking based on full URL (hostname + URI). You can add "HTTP entries by request host" (Add new section > Create from item) to a report, and that shows the ranking per domain (hostname).
To get any data on URL Categories you need to have web filtering enabled. This requires that traffic is inspected and some URL filtering situations in the inspection policy are set to permit/terminate or log. This is a separately licensed feature but should be included in the trial license. It also requires that a DNS server is specified in the firewall properties and that the fw has access to the internet on TCP ports 443 and 2316.
Hi Sir Inurmi,
Thank you for the reply and for giving solutions.
I will try the solution that you gave tomorrow and post here whether it works or not ("my configuration is wrong").
By the way, this is my last configuration in
IPv4 Access rule:
Rule 1: Interface - any, source - any, destination - any, service - any, Action - Continue, Logging - Stored Accounted, User enforced, Application Enforced, No executable with Payload
Rule 2: Interface - any, source - any, destination - any, service - HTTP with URL logging, Logging, Action - Continue, Logging - Stored Accounted, User enforced, Application Enforced, No executable with Payload
Traffic Identification - Action - Permit, Logging - Alert
URL Filtering - Action - Permit, Logging - Alert
I have a question regarding this ("It also requires that DNS server is specified in firewall properties and that the fw has access to internet on TCP ports 443 and 2316.")
Based on my understanding, I need to create an IPv4 Access Rule for allowing the TCP ports 443 and 2316?
And lastly, based on what I remember, before I connected the NGFW appliance 325 to the SMC, I put the DNS server in our test laboratory into the SMC and the firewall appliance.
Again, thank you very much for giving ideas to solve my issues.