Stormshield Version 3 újdonságok

Megérkezett az SNS Version 3 firmware a Stormshield tűzfalakhoz. Az új verzió teljesen új alapokra épül, ezért rengeteg hasznos funkcióval bővült. Sokan frissítenek is már, és persze a beállításokkal kapcsolatban kérdések is felmerültek.

SNS V3

A tapasztalatok alapján mindenképp javasoljuk a release notes dokumentumot alapul venni. Van benne rengeteg hasznos infó amit érdemes tudni a váltás előtt és után is. Íme címszavakban összes új funkció:

Unified web interface
Temporary user management
Integration into a multi-domain environment
IP geolocation - Country-based filtering
IP Reputation – External host reputation
Dynamic Host Reputation – Internal host reputation
"DNS names (FQDN)" objects
Safe transmission of Syslog traffic through the TLS protocol
Possibility of configuring the hash algorithm in the internal PKI and the SSL proxy
IPFIX/Netflow support
Customized signatures on the intrusion prevention (IPS) engine
SNi40 - Hardware bypass
Importing and exporting the contents of the network objects database
Official support for KVM and Hyper-V virtualization platforms
Intrusion prevention scans on HTTP traffic with on-the-fly decompression
Possibility of adding a constraint on the Domain name of the certificate presented by an IPSec peer.
CRL verification and support for BindAddr in the firewall's LDAP requests
IPS scans of the Ethernet/IP industrial protocol
Intrusion prevention scans for SNMP
NAT support for Dynamic DNS
SSL proxy - Support for new encryption algorithms
Systematic verification of unused objects
Rule names in IPS logs and active connection logs
Exporting monitoring data and audit logs
Sandboxing – Form to report false positives
Authentication
SSL VPN
Child connections (active FTP) through virtual IPSec interfaces
TCP-based DNS requests
Addition of logs in stateful pseudo-connections
Support for generic 3G/4G modems
Strengthening the IPS scan on TCP
Other features