380| Roles and Policies AOS-W 6.5.3.x| User Guide
IP-Classification-Based Firewall
In versions prior to AOS-W 6.5, firewall policy enforcement relied on L3/L4-L7 information with DPI/WebCC
support. This feature is now enhanced to support an IP-classification-based firewall.
To support the IP-classification-based firewall, a database containing a list of IP addresses associated with
malicious activity is introduced. Depending on the configured policy, traffic sent to or received from IP addresses
classified as malicious is rejected. Using this database, the geographical location of the malicious IP address is
also determined, and traffic is permitted or denied after checking the geography-based rules configured by the
administrator.
Once a session is IP classified, the datapath subjects the session to the IP-classification-based firewall policies.
If a match is found, the action of the matching rule determines whether the session is permitted or denied.
Otherwise, the default role-based firewall policies are applied to the session.
The IP Classification Based Firewall is applied with the following exceptions:
• Traffic originating from VPN and RAP users traveling to a country/region which is blocked by location-based
firewall policies can be exempted from policy enforcement.
• Traffic to or from certain IP addresses from regions identified as malicious can be permitted by modifying
the whitelist rules.
• Traffic routed through a proxy server is also subject to the geolocation firewall policy. To prevent incorrect
policy enforcement, the firewall performs Deep Packet Inspection (DPI) and retrieves a list of IP addresses.
Then an IP classification lookup in the datapath is done to determine the reputation and geographic
location of the client. Once the reputation/location of the client is determined, a check is done against the IP
classification access policies to determine if the traffic should be permitted or denied.
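The following Python model is an added illustration of the evaluation order described above (classify the remote endpoint, apply the whitelist, reputation and geolocation rules with the VPN/RAP exemption, and fall back to the role-based policies when nothing matches). It is not AOS-W code; the database contents, the rule formats, and the precedence among the three exceptions are assumptions made for this example.

```python
"""Constructed model of the IP-classification-based firewall decision flow.
Not AOS-W code: the database, rule formats and the order in which the
whitelist, reputation ACL and geolocation ACL are consulted are assumptions."""
from dataclasses import dataclass, field

# Constructed classification database using documentation-range addresses:
# address -> (country code, reputation)
IP_DB = {
    "203.0.113.7": ("XX", "malicious"),
    "198.51.100.9": ("YY", "clean"),
    "192.0.2.80": ("ZZ", "clean"),
}


@dataclass
class Session:
    remote_ip: str              # the non-client side of the flow
    direction: str              # "inbound" or "outbound"
    user_type: str = "wired"    # "vpn", "rap", "wired", "wireless"
    role: str = "employee"


@dataclass
class Policy:
    ip_classification_enabled: bool = True
    deny_inbound_malicious: bool = True       # Reputation ACL settings
    deny_outbound_malicious: bool = True
    geo_rules: dict = field(default_factory=dict)   # country -> "permit"/"deny"
    whitelist: set = field(default_factory=set)     # addresses exempt from classification denies
    exempt_vpn_rap_from_geo: bool = True
    role_policies: dict = field(default_factory=lambda: {"employee": "permit"})


def role_decision(session, policy):
    """Default role-based firewall policy (assumed: deny if the role has no rule)."""
    return (policy.role_policies.get(session.role, "deny"), "role-based")


def evaluate(session, policy):
    """Return (action, reason) for one session."""
    if not policy.ip_classification_enabled:
        return role_decision(session, policy)
    entry = IP_DB.get(session.remote_ip)
    if entry is None:
        # Unclassified address: only the role-based policies apply
        return role_decision(session, policy)
    country, reputation = entry
    # Whitelist entries permit traffic even when the region is classified as malicious
    if session.remote_ip in policy.whitelist:
        return ("permit", "whitelist")
    # Reputation ACL: block connections to or from malicious addresses
    if reputation == "malicious":
        if session.direction == "inbound" and policy.deny_inbound_malicious:
            return ("deny", "reputation-inbound")
        if session.direction == "outbound" and policy.deny_outbound_malicious:
            return ("deny", "reputation-outbound")
    # Geolocation ACL, with the VPN/RAP exemption from location-based denies
    geo_action = policy.geo_rules.get(country)
    if geo_action == "deny":
        if policy.exempt_vpn_rap_from_geo and session.user_type in ("vpn", "rap"):
            return role_decision(session, policy)
        return ("deny", "geolocation")
    if geo_action == "permit":
        return ("permit", "geolocation")
    # No IP-classification rule matched: fall back to the role-based policies
    return role_decision(session, policy)


def run_samples():
    """Evaluate a few constructed sessions; returns {label: (action, reason)}."""
    policy = Policy(geo_rules={"ZZ": "deny"})
    cases = {
        "outbound-to-malicious": Session("203.0.113.7", "outbound"),
        "inbound-from-clean": Session("198.51.100.9", "inbound"),
        "wired-to-blocked-region": Session("192.0.2.80", "outbound"),
        "vpn-to-blocked-region": Session("192.0.2.80", "outbound", user_type="vpn"),
        "unclassified": Session("192.0.2.1", "outbound"),
    }
    results = {name: evaluate(s, policy) for name, s in cases.items()}
    whitelisted = Policy(whitelist={"203.0.113.7"})
    results["whitelisted-malicious"] = evaluate(cases["outbound-to-malicious"], whitelisted)
    return results


if __name__ == "__main__":
    for name, (action, reason) in run_samples().items():
        print(f"{name:28s} {action:6s} ({reason})")
```

The point of the model is the precedence: a whitelist entry overrides a malicious classification, a reputation deny is taken before the geolocation rules, a VPN or RAP user headed to a blocked region drops through to the role-based policies instead of being denied, and an address absent from the database is never touched by the classification rules at all.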
To implement the IP Classification feature, two new dashboards have been introduced:
• Traffic
• Traffic Analysis
In the WebUI
To enable the IP Classification-based firewall globally:
1. Navigate to the Configuration > Advanced Services > Stateful firewall > Global Setting page.
2. Select the Enable IP Classification checkbox to enable the Traffic and Threats tabs of the Traffic
Analysis page.
3. Click Apply.
To enable Geolocation ACL globally:
1. Navigate to the Configuration > Security > Access Control > Firewall Policies > Policies page.
2. Select the Geolocation filter and select Add.
3. Enter the rule to be applied and select Add.
4. Click Apply.
To enable Reputation ACL globally:
1. Navigate to the Configuration > Security > Access Control > Firewall Policies > Policies page.
2. Select the Reputation filter.
3. Select Deny Inbound Connections from Malicious IP Addresses and Deny Outbound Connections
from Malicious IP Addresses to block inbound and outbound connections to malicious IP addresses.
4. Click Apply.
In the CLI
To enable the IP reputation / geolocation classification-based firewall, execute the following command: