Highlights
  • Seamless co-operation with Firewall
  • Blacklisting & Whitelisting
  • Unified configuration through the same GUI

Firewall Integration

StoneGate Firewall and IPS work seamlessly together to provide layered defense.

Blacklisting

StoneGate IPS Sensor detects and immediately prevents attacks in the network segment that it is protecting. At the same time, it expands and strengthens the protection against that attacker by sending a blacklist request across the corporate firewall structure. StoneGate firewalls then start to block any further traffic from the attacker and therefore block any further attempts to exploit vulnerabilities.

The firewall administrators can set up blacklists manually straight from the firewall logs if they see something alarming in the logs.

Blacklisting can stop worm propagation between network segments. Early quarantine will reduce the time and resources needed for cleaning the worm-infected systems. Combined with whitelisting, blacklisting allows a safe automatic response to attacks while preserving production-critical traffic.

Whitelisting

Whitelisting defines connections that cannot be blacklisted and blocked, such as critical production traffic. Whitelisting is an effective way to prevent an attacker from misusing blacklisting.

The blacklisting scope can vary from incident to incident:

  • Blocking specific protocols or IP addresses
  • Blocking whole network segments
  • Blocking permanently or for a certain time period
  • Manually blacklisting an offending host
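
The whitelist-over-blacklist precedence and the scopes listed above can be sketched as follows. This is an added example, not StoneGate code or its API: the `Rule` and `BlockList` names, the protocol labels and all addresses are hypothetical and constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    network: ipaddress.IPv4Network
    protocol: Optional[str] = None   # None matches any protocol
    expires: Optional[float] = None  # None means permanent

    def covers(self, src: str, protocol: str, now: float) -> bool:
        # A timed entry stops matching once its expiry time is reached.
        if self.expires is not None and now >= self.expires:
            return False
        return (ipaddress.ip_address(src) in self.network
                and self.protocol in (None, protocol))


def rule(cidr, protocol=None, expires=None):
    return Rule(ipaddress.ip_network(cidr), protocol, expires)


class BlockList:
    """Hypothetical blacklist store in which whitelist entries always win."""

    def __init__(self, whitelist):
        self.whitelist = list(whitelist)
        self.blacklist = []

    def request(self, cidr, protocol=None, ttl=None, now=0.0):
        # Scope: one host (/32) or a whole segment, one protocol or all,
        # permanent (ttl=None) or for a limited time.
        expires = None if ttl is None else now + ttl
        self.blacklist.append(rule(cidr, protocol, expires))

    def is_blocked(self, src, protocol, now):
        # Whitelisted connections are never blocked, even when a forged or
        # over-broad blacklist request covers them.
        if any(w.covers(src, protocol, now) for w in self.whitelist):
            return False
        return any(b.covers(src, protocol, now) for b in self.blacklist)


def build_demo():
    # Constructed sample: production database traffic is whitelisted.
    bl = BlockList([rule("10.1.0.5/32", "tcp/1521")])
    bl.request("203.0.113.7/32", ttl=600, now=0)             # host, 10 min
    bl.request("10.1.0.0/24", now=0)                         # segment, permanent
    bl.request("198.51.100.0/24", "udp/53", ttl=60, now=0)   # one protocol
    return bl
```

In this sketch the whitelist is consulted at decision time, so a blacklist request covering the whole `10.1.0.0/24` segment still leaves the whitelisted `tcp/1521` connection to `10.1.0.5` untouched while every other connection from that segment is blocked.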

Unified configuration

StoneGate IPS and Firewall are both managed through the StoneGate Management Center (SMC) graphical user interface (GUI). The unified configuration view simplifies configuration and makes seamless configuration of the components possible. For example, the ability to use common elements in both components' security policies and to copy and paste access rules from one rule base to another reduces the number of human errors.