hcollins (0) - Posted November 30, 2017

Hello, We're hoping to ditch the Windows 10 firewall in favor of ESET managed, but we need to be able to whitelist the FQDN of a website that has IPs that frequently change (hosted at AWS and we can't just whitelist the whole range). What is our best option for this? Thanks, Hunter
bbahes (29) - Posted December 2, 2017

I don't know about v6, but in v5 it was not possible to include an FQDN in firewall rules, and that is painful. @Marcos
Marcos (Administrator, 5,231) - Posted December 2, 2017

It's not possible since information about the hostname is not a part of a frame or packet. A frame contains information about the source and destination MAC addresses, and an IP packet contains information about the source and destination IP address.
bbahes (29) - Posted December 2, 2017

52 minutes ago, Marcos said: "It's not possible since information about the hostname is not a part of a frame or packet. A frame contains information about the source and destination MAC addresses, and an IP packet contains information about the source and destination IP address."

With the current firewall you are right. But this needs to change soon. If not for IPv4 hosts, then for IPv6. We have problems with allowing clients access only to Microsoft O365. Luckily Microsoft provided both FQDN and IPv4/IPv6.
Marcos (Administrator, 5,231) - Posted December 2, 2017

If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. The hostname is gathered via DNS requests, and it's not a part of the frames or packets that the firewall checks.
bbahes (29) - Posted December 2, 2017

28 minutes ago, Marcos said: "If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. The hostname is gathered via DNS requests, and it's not a part of the frames or packets that the firewall checks."

As I said, with the current firewall you are right. You should make it modern and inspect the application layer. In the end DNS helps us. Who likes to type entire IP addresses, ranges, subnets...
bbahes (29) - Posted December 20, 2017

On 12/2/2017 at 7:27 PM, Marcos said: "If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. The hostname is gathered via DNS requests, and it's not a part of the frames or packets that the firewall checks."

@Marcos Yesterday we had an example where we needed to allow users access to Google Docs and nothing else. Google does have a list of FQDN servers we need to allow through the firewall, but this is impossible to make use of in the ESET firewall. Are there any considerations regarding this request? Can it be sent via an official channel as a feature request and its status tracked?
Marcos (Administrator, 5,231) - Posted December 21, 2017

On 12/20/2017 at 7:31 AM, bbahes said: "Are there any considerations regarding this request? Can it be sent via an official channel as a feature request and its status tracked?"

What firewall allows creating rules based on the hostname instead of an IP address?
bbahes (29) - Posted December 22, 2017 (edited)

On 12/21/2017 at 10:31 PM, Marcos said: "What firewall allows creating rules based on the hostname instead of an IP address?"

The only one I remember was Forefront TMG from Microsoft. Don't you think this is something to consider, given the IPv6 notation format? Also, many things now come from a CDN, leaving only the FQDN as a firewall option.

Edited December 25, 2017 by bbahes
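Since the firewall can only match on addresses, the usual workaround for the AWS/CDN situation described in this thread is to resolve the allowed FQDNs out-of-band on a schedule and regenerate the IP-based allow rules from the answers. The script below is an added illustration of that resolve-and-diff loop, not ESET's code or anything posted in the thread; the two DNS "snapshots" and their addresses are constructed, and the rule text format is a hypothetical placeholder for whatever your firewall import expects.

```python
import ipaddress
import socket
from typing import Callable, Iterable, List, Set, Tuple

# Constructed sample data: what two allowed FQDNs resolved to on two
# successive refresh runs (documentation-range addresses, not real hosts).
SNAPSHOT_T0 = {
    "docs.example.com": ["203.0.113.10", "203.0.113.11", "2001:db8::10"],
    "api.example.com": ["198.51.100.5"],
}
SNAPSHOT_T1 = {
    "docs.example.com": ["203.0.113.11", "203.0.113.12", "2001:db8::10"],
    "api.example.com": ["198.51.100.5"],
}


def live_resolver(fqdn: str) -> List[str]:
    """Ask the system resolver and return every A and AAAA answer."""
    return sorted({info[4][0] for info in socket.getaddrinfo(fqdn, None)})


def resolve_allowlist(fqdns: Iterable[str],
                      resolver: Callable[[str], List[str]]) -> Set[str]:
    """Turn a list of FQDNs into the address set a packet filter can match."""
    addrs: Set[str] = set()
    for fqdn in fqdns:
        for a in resolver(fqdn):
            # ip_address() validates the answer and normalises v4/v6 text forms
            addrs.add(str(ipaddress.ip_address(a)))
    return addrs


def diff_rules(current: Set[str], fresh: Set[str]) -> Tuple[List[str], List[str]]:
    """Addresses to add and to retire so the rule set tracks the latest answers."""
    return sorted(fresh - current), sorted(current - fresh)


def rule_lines(addrs: Iterable[str], name: str = "allow-fqdn") -> List[str]:
    """Render one allow rule per address (hypothetical generic rule syntax)."""
    return [f"{name}: allow outbound to {a}" for a in sorted(addrs)]


if __name__ == "__main__":
    # Offline demo using the constructed snapshots instead of live_resolver.
    old = resolve_allowlist(SNAPSHOT_T0, lambda h: SNAPSHOT_T0[h])
    new = resolve_allowlist(SNAPSHOT_T1, lambda h: SNAPSHOT_T1[h])
    to_add, to_remove = diff_rules(old, new)
    print("add:", rule_lines(to_add))
    print("remove:", rule_lines(to_remove))
```

Because the client may receive a different round-robin answer than the script did, keep the refresh interval at or below the record TTL and watch the firewall's blocked-connection log for the allowed FQDNs to catch addresses the rules missed.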