![]() ![]() (Instructions: ‘SSL/TLS inspection rules’ / Video: ‘ Xstream SSL inspection in XG Firewall v18′). Ensure you have one or more TLS inspection rules applied to your internet traffic, otherwise a lot of the protection discussed below will be ineffective. XG Firewall v18 introduced the new Xstream TLS Inspection feature that provides high-performance inspection of encrypted traffic, enabling you to properly protect your network. Most internet traffic is encrypted with SSL/TLS making it impossible to secure without proper inspection. Recommended protection best practices TLS Inspection These should only be used in special circumstances or for troubleshooting, never as an active protection policy. In general, do not apply “Allow All” or “None” when selecting a protection policy. ![]() XG Firewall makes it super easy to assign web protection and control, intrusion prevention (IPS), sandboxing, and file analysis as well as application control. Make sure you’re applying essential protection to all your firewall rules. You can easily snap-in protection policies to your Firewall Rules If you are on v18 already, review all your NAT rules to ensure all are required and adequately protected by a corresponding firewall rule. If you are on v17.x we suggest you upgrade to v18 for the latest NAT rule enhancements. VPN and MFA provide much better security for remote access to internal network resources. In particular, disable all non-essential port-forwarding rules, and re-evaluate if any of the port-forwarding rules you have can be better accommodated via VPN access or, at the very least, multifactor authentication.Įxposed services and servers through port forwarding are one of the top ways hackers breach your network. Then, go through your firewall rules to examine all the active rules to ensure they are needed and proper protection is being applied. Start by checking the ‘Active firewall rules’ widget on the Control Center to identify unused rules: Ensure you don’t have any unnecessary or unused rules that are presenting openings that hackers can take advantage of. It’s very important that you periodically review all your firewall rules to ensure that there are no avoidable “openings” in your network. If your firewall has been running for a while, you may have dozens or even hundreds of firewall rules you’ve added over time. If you’re new to XG Firewall or v18, check out the introductory video on Firewall Rules and the What’s new in v18 for Firewall Rules video. Hence, it’s essential to protect your network by applying security policies to these firewall rules. Of course, by design, your firewall blocks all network traffic – your network is completely locked down – but you enable traffic to flow by creating firewall rules.įirewall rules enable your network to function, but they also create opportunities for hackers, ransomware, and malware to enter. INSTRUCTIONS: ‘How to download firmware updates’ ► VIDEO: ‘Firmware update and roll-back’ ► Firewall rule and protection policy recommendations You can get the latest v18 release for your XG Firewall from MySophos.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |