Forcepoint Sidewinder 8.3.2P03 And Later Product Guide - Websense


Sidewinder Product Guide
8.3.2P03 and later
Revision C

2017 Forcepoint
Forcepoint and the FORCEPOINT logo are trademarks of Forcepoint. Raytheon is a registered trademark of Raytheon Company. All other trademarks used in this document are the property of their respective owners.
Published 2017

This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from Forcepoint. Every effort has been made to ensure the accuracy of this manual. However, Forcepoint makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Forcepoint shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.

Sidewinder 8.3.2P03 and later Product Guide

Table of contents

Preface
    Conventions
    Find product documentation

1 Introduction to Sidewinder
    Features of Sidewinder
    Networking elements
    How to control access
    Protection from attacks
    Encrypted content inspection
    Global Threat Intelligence

Planning and setup

2 Planning
    Planning your setup
    Integration Checklist
    Quick Start Wizard Response Form

3 Installation and configuration
    Requirements
    Install the Management Tools
    Configure Sidewinder
    Configure using other methods

4 Startup
    What the Admin Console does
    Activating the license
    Complete post-setup tasks

Policy

5 Policy overview
    Types of rules
    What access control rules do
    Logic of SSL rules
    Interaction between rule types
    Rule order

6 Network objects and time periods
    Types of network objects
    Manage network objects
    Manage netgroup membership
    Manage time periods

7 Identity validation
    Validating users and user groups
    Passive identity validation
    Active identity validation
    Users and user groups

8 Content inspection
    Methods of content inspection
    Configure IPS inspection
    Configuring virus scanning
    How McAfee Global Threat Intelligence works
    Benefits of SmartFilter

9 McAfee EIA
    How McAfee EIA works
    Benefits of McAfee EIA
    Understanding file reputation in the firewall audit
    Configure certificates
    Configure McAfee EIA settings on Sidewinder
    View active hosts connected to Sidewinder
    View related firewall audit

10 Applications
    Using applications in policy
    Manage applications
    Manage application groups
    Updating application signatures on an isolated network

11 Application Defenses
    Understanding Application Defenses
    How the Generic Application Defense profile works
    Virus scanning
    Managing Application Defense groups
    Managing Application Defense profiles

12 Access control rules
    Creating and managing access control rules
    Configuring access control rules
    Examine how access control rules overlap
    Create access control rules and groups
    Modify access control rules and groups
    Arrange access control rules and groups
    View access control rules and groups
    Modify general settings

13 SSL rules
    Configuring SSL rules
    Duplicate an SSL rule
    Modify SSL rules
    Arrange SSL rules
    View SSL rules
    Configure which columns are displayed

14 Policy in action
    Working with policy
    Allowing a custom application
    Allowing inbound access to internal servers
    Allowing outbound web access
    Allowing IPv6 network flows through the firewall
    Configure IPv4-to-IPv6 translation for HTTP
    Configure non-transparent HTTP
    Controlling access based on user identity
    Create an alternate policy
    Creating SSL content inspection exemptions
    Decrypting and inspecting SSH content
    Deny access based on country of origin
    Deny access to an application category
    Discovering which applications are in use in a zone
    Examine your policy using the Firewall Policy Report
    Inspect and control inbound HTTPS
    Inspect and control outbound SSL (including HTTPS)
    Create a rule to allow traceroute through the firewall
    Create a SPAN policy

Monitoring

15 Dashboard
    What the dashboard monitors
    Use the dashboard

16 Auditing
    Importance of auditing
    Viewing audit data
    Filter audit data
    Transferring audit records
    Managing log files
    Export audit data to syslog servers

17 Audit responses
    Understanding attack and system responses
    Managing attack responses
    Managing system responses
    Ignore network probe attempts
    Enabling an SNMP trap

18 McAfee ePolicy Orchestrator integration
    ePolicy Orchestrator and Sidewinder communication
    Configure firewalls for ePolicy Orchestrator reporting
    Troubleshoot Sidewinder to ePolicy Orchestrator communication

19 Network defenses
    Viewing network defense information
    Restore network defenses
    Configure the TCP network defense
    Configure the IP network defense
    Configure the UDP network defense
    Configure the ICMP network defense
    Configure the ARP network defense
    Configure the IPsec network defense
    Configure the IPv6 network defense

20 SNMP
    Your SNMP needs
    Setting up an SNMP Agent
    When to use the SNMP pass-through

Networking

21 IPv4 and IPv6 overview
    Support for IPv4 and IPv6
    Firewall IPv4 and IPv6 support by area
    Access control rules and IPv6

22 Security zones
    What isolates networks
    Configuring zones

23 Interfaces and NICs
    Attributes of a network interface
    Manage interfaces
    Manage NICs and NIC groups
    Test connectivity for an interface or NIC

24 Quality of Service
    Quality of Service and how it works
    QoS scenarios
    Configure Quality of Service
    Enable DSCP pass-through

25 DHCP Relay
    How DHCP Relay helps
    Configure the DHCP Relay server
    Create DHCP Relay rules

26 Routing
    Routing protocols in firewall
    Configuring static routes
    Configuring dynamic routing server processing
    What RIP does
    How OSPF works
    Concepts of OSPF IPv6
    What BGP passes
    Why the PIM-SM protocol is used
    Dynamic routing in HA clusters
    Troubleshooting dynamic routing issues

27 DNS (domain name system)
    Types of DNS modes
    Configuring transparent DNS
    Configuring firewall-hosted DNS
    Reconfiguring DNS
    DNS message logging
    Configuring DNSSEC

28 Email
    Email options
    Set up and reconfigure email
    Configuring advanced sendmail features
    Managing mail queues
    Managing email messages sent by firewall

29 VPN (virtual private networks)
    Benefits of the Sidewinder VPN solution
    Plan your VPN
    What VPN user interfaces help to do
    Example VPN Scenarios
    Create VPN policy

Maintenance

30 Administration management
    Management options
    Admin Console access management
    Command line interface access management

31 General maintenance
    Manage administrator accounts
    Understanding time synchronization
    Configure time synchronization
    Configure network clocks
    Configure firewall self-diagnostics
    Enable hardware acceleration
    Understanding software management
    Update software
    Shutdown options
    Configure the firewall for UPS
    Register the firewall with Control Center

Forcepoint Sidewinder (Sidewinder) allows you to protect your network from unauthorized users and attackers, and to protect internal users as they access the Internet.

Features of Sidewinder

Sidewinder combines an application-layer firewall, user-based policy, IPsec VPN capabilities, SSL decryption,