Enforce inspects Network traffic to determine which packets to block and allow. Policies attached to Networks determine the internet services allowed into your network, as well as those services your local users can access outside the network.
A configured Network in threatER consists of one or more network rules, each identifying a device, asset, or subnet on your network as a Protected IP. When the Enforcer receives traffic for a configured Protected IP, it allows or blocks that traffic according to the policy associated with the Network. Each Network configuration also specifies a protocol and a port or range of ports, so policy enforcement can be restricted to exactly the services you choose, at as granular a level as required.
An Enforcer must be running an Enforce build later than 180 to take full advantage of this feature in the portal, so we strongly urge customers to update to the latest software in order to use these centralized controls. Customers who have not yet updated cannot control these features centrally and must instead use the legacy Enforce UI.
Creating Networks
To create a Network, navigate to Enforce > Networks in the left-hand navigation menu. Select the "Create" button in the top-right corner.
Network Details
Provide the following (* indicates required field):
Field Name | Description |
Name* | Unique name required |
Description | Enter an optional description |
Enforcers | Select the desired Enforcer(s) from the drop-down. Enforcers on Enforce build 154 or earlier do not appear in this drop-down. |
Directions* | Options include Inbound, Outbound or Both. Inbound determines the kind of internet traffic allowed into your network with each inbound rule showing a particular computer and service that will be visible to the internet. Outbound determines how your local computers can access the internet. Each outbound rule shows which particular outside internet service a computer can access. |
Once all required fields are complete, select the Next button to proceed to the next step.
Inbound / Outbound
Provide the following for the Direction(s) selected in the previous step (* indicates required field):
Field Name | Description |
Policy* | Name of Policy associated with the Network |
Drop Action* | Options include Discard, ICMP Unreachable and TCP Reset. Discard drops the packet and sends no response at all (a silent discard). This is the recommended choice for inbound policies: a sender that receives nothing cannot easily tell whether a host exists behind the Enforcer, whereas any reply confirms that something is listening. ICMP Unreachable drops the packet and returns an ICMP destination unreachable message to the sender, so a local client fails immediately rather than waiting for a timeout; it is generally recommended only for outbound policies. TCP Reset drops the packet and returns a TCP RST to the sender. A reset can only be generated for TCP traffic, and this option is recommended only when the firewall does not properly pass ICMP Unreachable messages, and again generally only for outbound policies. |
Select Next to proceed to the next step.
If Both was chosen as the Direction on the Network Details step, the next step is the same as above but for the Outbound direction.
Admins have the option to create a new policy within the Network wizard if a policy does not exist yet to apply to the new Network. Select the Create button on the Inbound or Outbound step and then follow the steps to create a policy, outlined in the Policies section.
IPs
Provide the following to add IPs to your Network (* indicates required field):
Field Name | Description |
IP* | The IP address to be allowed or blocked |
Maskbits* | Subnet mask using CIDR notation (integer ranging from 0 to 32) |
Description | A description of the IP address, e.g. the related URL |
Port* | Options include All Protocols (the default), a previously configured Port, or a new Port. Click the drop-down to select a previously configured Port. |
Click on the Create button to create a new Port.
Provide the following (* indicates required field):
Field Name | Description |
Name* | Name of the Port |
Description | A description of the Port |
Protocol* | All:256 is the default selection (the IP protocol number field only runs from 0 to 255, so 256 cannot collide with a real protocol); another protocol can be selected from the drop-down. Protocols that carry ports, such as TCP and UDP, also require a Port or Port Range. |
Click on the +Add button to add the Protocol. Any additional Protocols can be included if necessary. Click the Create button to return to the Add Protected IP Panel.
Select the Add button to add the IP to the Protected Network.
Follow the steps above to add additional IPs. Select the Create Network button to create the Network once all IPs are added.
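The following is an added example, not threatER code, that models the matching and Drop Action semantics described on this page so you can sanity-check a planned Network before applying it to an Enforcer. It assumes that a packet is inbound when its destination lies in a Protected IP and outbound when its source does, that a Policy can be stood in for by a set of blocked remote CIDRs, and that a TCP Reset action silently drops non-TCP traffic (none of these details is stated on the page). The Network, Port objects and packets are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# IP protocol numbers; 256 is the portal's "All" value and cannot collide with
# a real protocol because the IP protocol field is only 8 bits wide.
PROTO_ALL, PROTO_TCP, PROTO_UDP = 256, 6, 17
DISCARD, ICMP_UNREACHABLE, TCP_RESET = "Discard", "ICMP Unreachable", "TCP Reset"


@dataclass(frozen=True)
class PortRule:
    """One protocol entry of a Port object: protocol plus optional port range."""
    protocol: int = PROTO_ALL
    port_lo: Optional[int] = None
    port_hi: Optional[int] = None

    def matches(self, protocol: int, port: Optional[int]) -> bool:
        if self.protocol not in (PROTO_ALL, protocol):
            return False
        if self.port_lo is None:          # port-less protocol or no range given
            return True
        return port is not None and self.port_lo <= port <= self.port_hi


@dataclass(frozen=True)
class ProtectedIP:
    """One IPs-step entry: IP, Maskbits and its Port object (empty = All Protocols)."""
    ip: str
    maskbits: int
    rules: tuple = ()

    def covers(self, addr: str, protocol: int, port: Optional[int]) -> bool:
        if ip_address(addr) not in ip_network(f"{self.ip}/{self.maskbits}", strict=False):
            return False
        return not self.rules or any(r.matches(protocol, port) for r in self.rules)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: int
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass
class Network:
    name: str
    protected: tuple
    blocked_remote: tuple             # stand-in for a Policy (assumption): blocked CIDRs
    inbound_drop: Optional[str]       # None = direction not configured
    outbound_drop: Optional[str]

    def policy_blocks(self, remote: str) -> bool:
        return any(ip_address(remote) in ip_network(c) for c in self.blocked_remote)


def evaluate(net: Network, pkt: Packet):
    """Return (direction, verdict, reply sent to the sender) for one packet."""
    if any(p.covers(pkt.dst, pkt.protocol, pkt.dport) for p in net.protected):
        direction, remote, drop = "inbound", pkt.src, net.inbound_drop
    elif any(p.covers(pkt.src, pkt.protocol, pkt.sport) for p in net.protected):
        direction, remote, drop = "outbound", pkt.dst, net.outbound_drop
    else:
        return "none", "not matched", None      # this Network does not govern the flow
    if drop is None or not net.policy_blocks(remote):
        return direction, "allow", None
    if drop == DISCARD:
        return direction, "drop", None
    if drop == ICMP_UNREACHABLE:
        return direction, "drop", "ICMP destination unreachable"
    if drop == TCP_RESET:
        # A reset only exists for TCP; assumption: other protocols are dropped silently.
        return direction, "drop", "TCP RST" if pkt.protocol == PROTO_TCP else None
    raise ValueError(f"unknown drop action {drop!r}")


def scanner_view(reply: Optional[str]) -> str:
    """How a port scanner such as nmap classifies a probe, given the reply it gets."""
    if reply is None:
        return "filtered (no reply, probe times out)"
    if reply.startswith("ICMP"):
        return "filtered (a device answered, so something is there)"
    return "closed (RST proves a live host)"


# Constructed sample: a web server exposed on 80/443 and a subnet with All Protocols.
WEB = Network(
    name="dmz-web",
    protected=(
        ProtectedIP("203.0.113.10", 32, (PortRule(PROTO_TCP, 80, 80), PortRule(PROTO_TCP, 443, 443))),
        ProtectedIP("10.20.0.0", 24),
    ),
    blocked_remote=("198.51.100.0/24",),
    inbound_drop=DISCARD,
    outbound_drop=TCP_RESET,
)
SAMPLE = [
    Packet("198.51.100.7", "203.0.113.10", PROTO_TCP, 40000, 443),  # blocked inbound
    Packet("198.51.100.7", "203.0.113.10", PROTO_TCP, 40001, 22),   # port not in the Network
    Packet("10.20.0.5", "198.51.100.9", PROTO_TCP, 51000, 443),     # blocked outbound, TCP
    Packet("10.20.0.5", "198.51.100.9", PROTO_UDP, 51001, 53),      # blocked outbound, UDP
    Packet("192.0.2.1", "203.0.113.10", PROTO_TCP, 40002, 80),      # allowed inbound
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        direction, verdict, reply = evaluate(WEB, pkt)
        print(f"{pkt.src}->{pkt.dst}/{pkt.dport}: {direction} {verdict}, reply={reply}; "
              f"scanner sees {scanner_view(reply)}")
```

Two things the run makes visible that the tables above only imply: traffic to a Protected IP on a port the Network does not list (the SSH probe) is simply not governed by this Network, so it must be covered elsewhere or it passes untouched; and the inbound Discard versus outbound TCP Reset split shows why the recommendations differ, since a reset hands a scanner proof of a live host while a silent discard leaves it with a timeout.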
Edit a Network
To edit a Network, find the Network in the table and from the ellipsis menu, select Edit.
Network Details is the default view when editing a Network. Select the Inbound / Outbound direction step(s) to update the Policy and/or Drop Action. Select IPs to add or remove IPs; refer to the IPs section above for guidance.
Make any necessary edits and then select another step that requires updates. Select the Save button in the top right corner if edits are only needed on one step.
Duplicate a Network
To duplicate an existing network, find the network that you would like to duplicate in the table. Select Duplicate from the ellipsis menu in the row of the network.
A copy of the network will be created with the word "copy" appended to the network name. The network will not be assigned to any Enforcers until done so by editing the Network and manually applying the Enforcer(s) to the network.
Delete a Network
To delete a Network, find the Network in the table, and select Delete from the ellipsis menu.
Select Delete on the confirmation modal. The Network is now deleted and can't be retrieved.