Firewall Integration
StoneGate Firewall and IPS work seamlessly together to provide layered defense.
StoneGate IPS Sensor detects and immediately prevents attacks in the network segment that it is
protecting. At the same time, it expands and strengthens the protection against that attacker
by sending a blacklist request across the corporate firewall structure.
StoneGate firewalls start to block any further traffic from the attacker and therefore block any further attempts to exploit vulnerabilities.
The StoneGate firewall administrator can decide where to put the blacklist entry placeholder in
the firewall security policy.
When the IPS Sensor sends the blacklist request to the IPS Analyzer, the Analyzer looks up its
list of firewalls and forwards the blacklist request to the firewalls in that list. The blacklisting
takes effect in the specific row of the firewall security policy where the blacklist entry
placeholder is located.
The firewall administrator can also blacklist manually, straight from the firewall logs, if he/she sees something alarming there.
For example, blacklisting can stop worm propagation between network segments. Early quarantine
will reduce the time and resources needed for cleaning the worm-infected systems. Combined with
whitelisting, blacklisting allows a safe automatic response to attacks while preserving
production-critical traffic.
Whitelisting defines connections that cannot be blacklisted and blocked, such as critical production traffic. Whitelisting is an effective way to prevent a hacker from misusing blacklisting.
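A simplified first-match model of the flow described above, added here as an illustration and not StoneGate code: the analyzer forwards a blacklisted source to every firewall in its list, and each firewall enforces it at the placeholder row unless the connection is whitelisted. The class names, the tuple rule format, the source-only blacklist entries, the default deny and all addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

PLACEHOLDER = "blacklist-placeholder"  # hypothetical marker for the placeholder row

def covers(net, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

@dataclass
class Firewall:
    policy: list                                   # rows (src_net, dst_net, action); first match wins
    whitelist: list = field(default_factory=list)  # (src_net, dst_net) pairs that are never blacklisted
    blacklist: set = field(default_factory=set)    # source IPs received from the analyzer

    def evaluate(self, src, dst):
        for src_net, dst_net, action in self.policy:
            if action == PLACEHOLDER:
                # Blacklist entries apply only here, so rows above this one are unaffected.
                exempt = any(covers(s, src) and covers(d, dst) for s, d in self.whitelist)
                if src in self.blacklist and not exempt:
                    return "deny"
                continue
            if covers(src_net, src) and covers(dst_net, dst):
                return action
        return "deny"  # assumed default when no row matches

class Analyzer:
    def __init__(self, firewalls):
        self.firewalls = firewalls

    def forward(self, src):
        for fw in self.firewalls:  # one sensor request reaches every listed firewall
            fw.blacklist.add(src)

def demo():
    policy = [  # constructed sample policy
        ("10.0.9.0/24", "10.0.1.10/32", "allow"),  # admin access, placed above the placeholder
        (None, None, PLACEHOLDER),
        ("0.0.0.0/0", "10.0.1.0/24", "allow"),
    ]
    fws = [Firewall(list(policy), [("10.0.5.20/32", "10.0.1.50/32")]) for _ in range(2)]
    before = fws[1].evaluate("203.0.113.7", "10.0.1.80")
    for src in ("203.0.113.7", "10.0.5.20", "10.0.9.5"):  # constructed blacklist requests
        Analyzer(fws).forward(src)
    fw = fws[1]
    return {"attacker_before": before,
            "attacker_after": fw.evaluate("203.0.113.7", "10.0.1.80"),
            "whitelisted_flow": fw.evaluate("10.0.5.20", "10.0.1.50"),
            "same_host_other_flow": fw.evaluate("10.0.5.20", "10.0.1.80"),
            "row_above_placeholder": fw.evaluate("10.0.9.5", "10.0.1.10")}
```

In this model the whitelisted production flow keeps passing even after a blacklist request names its source, while a rule placed above the placeholder is never affected by blacklisting at all.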
The blacklisting scope varies from incident to incident: