
Whitelisting FQDN Through Firewall?


hcollins


Hello,

We're hoping to ditch the Windows 10 firewall in favor of the ESET-managed one, but we need to be able to whitelist the FQDN of a website whose IPs frequently change (it is hosted at AWS and we can't just whitelist the whole range).

What is our best option for this?

Thanks,

Hunter


  • Administrators

It's not possible since information about the hostname is not a part of a frame or packet. A frame contains information about the source and destination MAC addresses and an IP packet contains information about the source and destination IP address.


52 minutes ago, Marcos said:

It's not possible since information about the hostname is not a part of a frame or packet. A frame contains information about the source and destination MAC addresses and an IP packet contains information about the source and destination IP address.

With the current firewall you are right. But this needs to change soon. If not for IPv4 hosts then for IPv6.

We have problems with allowing clients access only to Microsoft O365. Luckily Microsoft provided both FQDNs and IPv4/IPv6 addresses.


  • Administrators

If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.

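Since a packet filter only ever sees addresses, the usual administrative workaround for an FQDN allow-list is the one Marcos's point implies: resolve the names on a schedule and regenerate the address rules from the answers. The script below is an added example, not ESET's code or anything posted in this thread; the example.com names, the FAKE_DNS stub and the rule syntax are constructed placeholders.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Set, Tuple

def system_resolver(fqdn: str) -> List[str]:
    """Ask the OS resolver for the current A and AAAA records of fqdn."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    # Drop any IPv6 zone suffix ('%eth0') so the addresses parse cleanly.
    return [info[4][0].split("%")[0] for info in infos]

def resolve_allowlist(fqdns: Iterable[str],
                      resolver: Callable[[str], List[str]] = system_resolver) -> Dict[str, Set[str]]:
    """Map each FQDN to the addresses it resolves to right now.
    Run this at least once per record TTL, from the clients' own vantage point
    (CDN answers differ by resolver); a failed lookup yields an empty set."""
    current: Dict[str, Set[str]] = {}
    for fqdn in fqdns:
        try:
            addrs = resolver(fqdn)
        except (socket.gaierror, OSError):
            addrs = []
        current[fqdn] = {str(ipaddress.ip_address(a)) for a in addrs}
    return current

def diff_rules(previous: Set[str], current: Set[str]) -> Tuple[Set[str], Set[str]]:
    """Return (to_add, to_remove) so the firewall's address set tracks DNS."""
    return current - previous, previous - current

def render_rules(resolved: Dict[str, Set[str]]) -> List[str]:
    """One allow rule per address, tagged with its FQDN. The rule syntax is a
    generic placeholder, not ESET's; adapt it to what your firewall imports."""
    by_version = lambda s: (ipaddress.ip_address(s).version, ipaddress.ip_address(s))
    return [f"allow out to {a}  # {fqdn}"
            for fqdn, addrs in sorted(resolved.items())
            for a in sorted(addrs, key=by_version)]
# Constructed stand-in for DNS so the example runs offline (documentation ranges).
FAKE_DNS = {
    "docs.example.com": ["203.0.113.10", "2001:db8::10"],
    "api.example.com": ["203.0.113.20"],
}
def fake_resolver(fqdn: str) -> List[str]:
    if fqdn not in FAKE_DNS:
        raise socket.gaierror(f"no records for {fqdn}")
    return FAKE_DNS[fqdn]

if __name__ == "__main__":
    resolved = resolve_allowlist(list(FAKE_DNS) + ["gone.example.com"], fake_resolver)
    print(diff_rules({"203.0.113.10", "203.0.113.99"}, set().union(*resolved.values())))
    print("\n".join(render_rules(resolved)))
```

Swap fake_resolver for system_resolver to run it against real DNS; whatever applies the add/remove sets to the firewall is the part you still have to write for your product.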

28 minutes ago, Marcos said:

If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.

As I said, with the current firewall you are right. You should make it modern and inspect the application layer. In the end DNS helps us. Who likes to type entire IP addresses, ranges, subnets...


3 weeks later...
On 12/2/2017 at 7:27 PM, Marcos said:

If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.

@Marcos

Yesterday we had an example where we needed to allow users access to Google Docs and nothing else. Google does have a list of the FQDNs we need to allow through the firewall, but this is impossible to make use of in the ESET firewall.

Are there any considerations regarding this request? Can it be sent via an official channel as a feature request so that its status can be tracked?


  • Administrators
On 12/20/2017 at 7:31 AM, bbahes said:

Are there any consideration regarding this request? Can it be sent via official channel as feature request and track status?

What firewall allows creating rules based on the hostname instead of an IP address?


On 12/21/2017 at 10:31 PM, Marcos said:

What firewall allows creating rules based on the hostname instead of an IP address?

The only one I remember was Forefront TMG from Microsoft.

Don't you think this is something to consider, given the IPv6 notation format? Also, many things now come from CDNs, leaving only the FQDN as a firewall option.

