Stormshield SN series Configuration Manual page 133

Public IP address reputation
Select a reputation
category
Host reputation
Enable filtering based
on reputation score
Reputation score
Click on Ok to confirm your configuration.
"Advanced properties" tab
Advanced properties
Source port
Via
Source DSCP
Authentication
Authentication method This field allows restricting the application of the filter rule to the selected
Click on Ok to confirm your configuration.
Page 133/448
This field allows applying the filter rule to hosts whose public IP addresses have been
classified in one of the predefined reputation categories:
anonymizer: proxies, IPv4 to IPv6 converters.
l
botnet: infected hosts running malicious programs.
l
malware: hosts distributing malicious programs
l
phishing: compromised mail servers.
l
scanner: hosts that conduct port scanning or launch brute force attacks.
l
spam: compromised mail servers.
l
tor exit node: endpoint servers of the Tor network.
l
Bad: groups all of the above categories.
l
NOTE
Since the reputation of a public IP address may border on two categories
(botnet and malware), and this field only allows selecting one category, you
are advised to use the "Bad" group for optimum protection.
Select this checkbox in order to enable filtering based on the reputation score of hosts
on the internal network.
To enable host reputation management and to define the hosts concerned with the
calculation of a reputation score, go to the Application protection > Host reputation
module.
This field allows selecting the reputation score above which (
the filter rule will apply to the monitored hosts.
This field allows specifying the port used by the source host, if it has a particular
value.
By default, the "Stateful" module memorizes the source port used and only this port
will then be allowed for return packets.
Any: This option implies that none of the following services will be used – the
connection will not go through the HTTP proxy, will not be redirected to the
authentication page and will not go through an IPSec VPN tunnel.
Explicit HTTP proxy: Traffic originates from the HTTP proxy.
SSL proxy: Traffic originates from the SSL proxy.
IPSec VPN tunnel: Traffic comes from an IPsec VPN tunnel.
SSL VPN tunnel: Traffic comes from an SSL VPN tunnel.
This field allows filtering according to the value of the DSCP field of the packet
received.
authentication method.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
FILTERING AND NAT
) or below which ( )