Database Version 3.0
License Type Full
Custom firewall configuration
In Application Monitor I have set up Firefox to use my proxy port only for In traffic. Usually this works, but sometimes when I cannot connect to the Internet, I look and notice that the In traffic via that port has been changed from Allow to Block. I did not change it!? How did it get changed? This problem is intermittent.
I have the firewall set up to provide alerts. Occasionally I will get an application alert asking me if I would allow access for Firefox (and other frequently-used apps) in through the proxy port that I have already 'Allow'ed via Application Monitor. I have not changed any configuration. Again, this problem is intermittent.
For the most part, my custom rules and port blocks are working as expected. I have, via your firewall & other configs, been successful in blocking such attacks as packet injection and SYN Flood attacks. But one of the few exceptions is the ICMP echo reply originating from attackers, not network maintenance folks. Despite having a rule to not allow ICMP echo replies, blocking port 7, blocking most of the attackers' IP ranges and traffic originating from certain source ports, the attackers (APNIC 95% of the time) are getting around the firewall. For other folks the rule/port block is working. Same thing with port 1434 for the SQL Injector attack. The problem appears to be an infected subnet where the attackers are using automated attacks. I have visibility into these breaches by using my networking tools. These attacks are ongoing.
Thank you for your great firewall. I especially like your Application & Component features. I realize that people oftentimes would not be aware of what applications are doing behind the scenes, so these features provide some insight into that traffic.