Category: Firewalls

30 April 2022

Cisco Firepower and non-std SSH

At my new place of work I have encountered Cisco’s NGFW offering: Firepower. The firewall policies are administered on an FMC (Firepower Management Center) and pushed or deployed to enforcement modules called FTDs (Firepower Threat Defense). Instead of FTDs you can do this on ASAs with an SFR module, but I digress. Posts passim will testify that I like to test NGFWs by […]

1 February 2022

Cisco ASA and non-std SSH – the reprise

Any readers of this blog will possibly remember that I compared a few different vendors’ firewalls to see how easy it was to configure them to block ssh access when it was running on the non-standard port of tcp 80 which is typically used by http. (This is a little contrived because anyone trying to get out like this would probably use tcp 443 giving […]
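The test scenario described above (ssh on tcp/80, a port a plain port-based rule normally allows for http) comes down to whether the firewall looks at the first bytes of the stream or only at the port. The following is an added example, not code from the original post: it shows the minimal classification an application-aware firewall has to perform to catch the case. The classifier, the policy table and the sample payloads are all constructed for illustration; nothing here is a vendor implementation.

```python
import re

# Constructed sample first-payload bytes, as a firewall would see them
# after the TCP handshake. Not captured traffic.
SSH_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xFC, 0x03, 0x03])

_HTTP_REQ = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")


def classify_payload(payload: bytes) -> str:
    """Identify the application from the first bytes of a TCP stream,
    independent of the destination port (RFC 4253 banner, RFC 7230
    request line, TLS record header)."""
    if payload.startswith(b"SSH-") and b"\r\n" in payload[:255]:
        return "ssh"
    if _HTTP_REQ.match(payload):
        return "http"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] in (0x00, 0x01, 0x02, 0x03):
        return "tls"
    return "unknown"


def port_based_decision(dst_port: int, allowed_ports=frozenset({80, 443})) -> str:
    """A classic L4 rule: allow by destination port only."""
    return "allow" if dst_port in allowed_ports else "deny"


def app_aware_decision(dst_port: int, payload: bytes, policy=None) -> str:
    """An L7 rule: the port must be allowed AND the application seen on
    that port must be one the policy permits there. Unknown traffic on
    an allowed port is denied (fail closed), which is the behaviour the
    series is probing for in each vendor's product."""
    if policy is None:
        # hypothetical policy: web ports may only carry web applications
        policy = {80: {"http"}, 443: {"tls", "http"}}
    if dst_port not in policy:
        return "deny"
    return "allow" if classify_payload(payload) in policy[dst_port] else "deny"


def run_scenario():
    """The lab scenario: ssh client connecting to tcp/80."""
    return {
        "port_based": port_based_decision(80),
        "app_aware": app_aware_decision(80, SSH_BANNER),
        "legit_http": app_aware_decision(80, HTTP_GET),
        "tls_on_443": app_aware_decision(443, TLS_CLIENT_HELLO),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name}: {verdict}")
```

The point of the comparison is the first two entries: the port-based rule says "allow" because tcp/80 is open, while the application-aware rule says "deny" because the payload on tcp/80 is an ssh banner, not an http request. A real NGFW does this over many more signatures and has to cope with traffic it cannot identify within the first packet, which is where the vendors in this series differ.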

30 August 2021

Mixed Blessings

I recently wanted to find a reliable way of testing the sandboxing facility on a particular security device in a safe and controlled fashion. To test anti-virus systems you can use an EICAR file, but this won’t trigger a sandbox. Someone recommended the site 7blessings.co.uk which creates dummy malware with a unique hash which, the theory goes, your AV won’t recognise and bat along […]

13 December 2020

Checkpoint VPN

I encountered a Checkpoint firewall the other day in the course of my job and realised it had been a few years since I’d worked on one. I think Palo Alto and Fortigate have been stealing Checkpoint’s lunch in the past few years (based on no more than personal experience). At one place I worked which was migrating from Checkpoints to Palo Altos, the former’s […]

5 July 2020

Securing SFTP?

I recently came upon a situation where there was a request to allow an SFTP connection out to the Internet for secure file transfer. My previous posts have been concerned with stopping SSH tunnels on non-standard ports but some may have viewed this as an academic exercise as most enterprises insist outbound connections are made through a proxy server. A proxy understands HTTP (including HTTPS […]

20 June 2020

Checkpoint and non-std SSH

Herein is the last in the series of how firewalls can be configured to block applications running on non-standard ports, specifically ssh. Today’s firewall vendor is the venerable Checkpoint and once more for the purposes of the lab I will reluctantly direct more moolah to Jeff Bezos’ bulging coffers by selecting the appropriate device from the AWS marketplace. Initially, I chose this… …and it took […]

17 June 2020

Cisco and non-std SSH

In a series only mildly less compelling than GoT we see how the Cisco ASA firewall fared in stopping ssh over non-standard ports. (Spoiler alert: this lab did not go well) SPOILER ALERT: I didn’t get this working and this post descends into a mild rant on ASAs in AWS. I did get it working in this post: Cisco Once again I headed to the […]

5 June 2020

Fortigate and non-std SSH

In the previous post we saw how a Palo Alto fared in blocking applications running on non-standard ports and in this one we’re going to try the same exercise with a Fortigate firewall. Once again, I don’t have a physical Fortigate firewall to hand so used one in the AWS Marketplace: On the following firmware version: I used the same topology as I did with […]

23 May 2020

Palo Alto and non-std SSH

Initially, I wanted to explore the ways that different models of Next Generation firewalls defeat (or not) the simple tunnelling scenario of the previous labs (see ‘SSH forwarding’). In fact, I didn’t really get much further than looking at running applications on non-standard ports but it shows a little of the application awareness abilities of a next-gen firewall, in this case a Palo Alto. As […]