Jump to content

Whitelisting FQDN Through Firewall?


hcollins
 Share

Recommended Posts

Hello,

 

We're hoping to ditch Windows 10 firewall in favor of eSET managed, but we need to be able to whitelist the FQDN of a website that has IP's that frequently changed (hosted at AWS and we can't just whitelist the whole range).

 

What is our best option for this?

 

Thanks,

Hunter

Link to comment
Share on other sites

  • Administrators

It's not possible since information about the hostname is not a part of a frame or packet. A frame contains information about the source and destination MAC addresses and  an IP packet contains information about the source and destination IP address.

Link to comment
Share on other sites

52 minutes ago, Marcos said:

It's not possible since information about the hostname is not a part of a frame or packet. A frame contains information about the source and destination MAC addresses and  an IP packet contains information about the source and destination IP address.

With current firewall you are right. But this needs to change soon. If not for IPv4 hosts then for IPv6.

We have problems with allowing clients only access to Microsoft O365. Luckily Microsoft provided both FQDN and IPv4/IPv6.

Link to comment
Share on other sites

  • Administrators

If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.

Link to comment
Share on other sites

28 minutes ago, Marcos said:

If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.

As I sad, with current firewall you are right. You should make it modern inspect application layer. In the end DNS helps us. Who likes to type entire IP addresses, ranges, subnets..

 

Link to comment
Share on other sites

  • 3 weeks later...
On 12/2/2017 at 7:27 PM, Marcos said:

If you capture the network communication, where in the frame or packet do you see the hostname? It's not there. Hostname is gathered via DNS requests and it's not a part of frames or packets that the firewall checks.

@Marcos

Yesterday we had example, where we needed to allow users access to Google Docs and nothing else. Google does have list of FQDN servers we need to allow through firewall, but this is impossible to make use of in ESET firewall.

Are there any consideration regarding this request? Can it be sent via official channel as feature request and track status?

 

 

Link to comment
Share on other sites

  • Administrators
On 12/20/2017 at 7:31 AM, bbahes said:

Are there any consideration regarding this request? Can it be sent via official channel as feature request and track status?

What firewall allows creating rules based on the hostname instead of an IP address?

Link to comment
Share on other sites

On 12/21/2017 at 10:31 PM, Marcos said:

What firewall allows creating rules based on the hostname instead of an IP address?

The only one I remember was Forefront TMG from Microsoft.

Don't you think this is something to consider, given the IPv6 notation format? Also, many things now come from CDN leaving only fqdn as firewall option.

 

Edited by bbahes
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...