If you're a systems admin for a network and responsible for the overall security of your environment, then I'm sure at one point in your career you've heard, “I don't know how I got this virus, I just went to MSN.com and POOF! Porn pop-ups started appearing.” If so, it may be a sign that you have users who like to stroll around sites that they probably shouldn't visit during normal business hours. If that's the case, then it may be time to look into implementing some type of web content filter in the environment that will block access to these types of sites. In my experience, this is a very simple task with WatchGuard XTM firewalls and will give you some great visibility into your network that you normally wouldn't get with other firewalls right out of the box. So what's involved?
The great thing about WatchGuard is that each firewall purchased with the XTM Security suite comes bundled with all types of good add-ons: a built-in reporting server, Gateway Anti-Virus, cloud-based site reputation defense, Intrusion Prevention, Application Control and WebBlocker, just to name a few. In this article, we will specifically talk about how to implement WatchGuard's web content filter, WebBlocker, using a WatchGuard XTM 330 to protect your environment from sites that usually contain malware and spyware threats. I will assume that you already have the XTM firewall up and running in production and walk you through creating a policy for WebBlocker.
Step 1.) Open the Policy Manager using the WatchGuard System Manager, and select the “Add Policies” + arrow in the toolbar.
Step 2.) Expand “Proxies” and double click on HTTP-Proxy
Step 3.) Once you open the “New Policy Properties” window, you will have a few fields to modify.
— Name your policy something meaningful (HTTP Outbound)
— Add your “FROM” network (Usually Any Trusted)
— Add your “TO” network (Usually ANY External)
— An HTTP Proxy will automatically be created below. Click the icon that has a Paper and Pencil to modify the policy
Step 4.) Click “WebBlocker” in the Categories column, then click the + next to WebBlocker to create a new WebBlocker policy.
Step 5.) In the “New WebBlocker Configuration” window, there are many tabs that can be customized. We will start from left to right and customize to your liking.
— Name your policy: You can have many different policies for different types of staff. For example, management, general staff, accounting etc. In this example, we will use “General Staff”
— Server: You have the option of using Websense cloud (available in XTM 11.7 and above), or a local instance of WebBlocker to host the WebBlocker database. We will use the cloud option.
Step 6.) Categories: Here is where you can block access to dozens of different categories as needed. In this example, we will deny access to Adult Material only. Using the check boxes below, you also have the option to be notified if access to a blocked site was attempted, or to just log the action.
You may have some instances where you need to add exceptions for sites that are being blocked by a category. You can add single-site exceptions in the “Exceptions” tab simply by clicking “ADD”.
Step 7.) On the advanced tab, we have a few important settings we can configure.
— Local Override: If you have a person on the team that always needs to access blocked content for some reason, you can provide a local override password that the user can enter to gain access to that site without always having to make an exception. Only 1 password can be set for the policy, so keep that password a secret 🙂
— Server Timeout: In the event your local WebBlocker server or cloud instance is unavailable, you need to specify whether access to the requested site should be denied or allowed.
— License Bypass: If you let your Live Security subscription expire, and your license bypass option is set to DENIED, then users will not be able to access the web until a new license has been applied.
Step 8.) Alarm: You have the option to be notified by e-mail, or to send an SNMP trap, when one of the events you specifically set to alarm has been triggered. You will need to set up SMTP on your WatchGuard server before you will start receiving notifications.
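To see how the choices in Steps 6 and 7 interact, here is a small Python model of the allow/deny decision. It is an added example, not WatchGuard code: the class, the function, the order in which the checks run, the hostnames and the password are all assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class WebBlockerPolicy:
    """Simplified stand-in for the settings chosen in Steps 5-7."""
    name: str
    denied_categories: set
    exceptions: set = field(default_factory=set)   # "Exceptions" tab
    override_password: Optional[str] = None        # Local Override
    deny_on_timeout: bool = True                   # Server Timeout
    deny_on_expired_license: bool = True           # License Bypass

def decide(policy, host, category, license_valid=True, override=None):
    """Return (action, reason). category=None means the lookup timed out.

    The evaluation order is an assumption made for this sketch.
    """
    if host in policy.exceptions:
        return "allow", "site exception"
    if not license_valid:
        action = "deny" if policy.deny_on_expired_license else "allow"
        return action, "license expired"
    if category is None:
        action = "deny" if policy.deny_on_timeout else "allow"
        return action, "server timeout"
    if category not in policy.denied_categories:
        return "allow", "category not denied"
    if policy.override_password and override is not None and hmac.compare_digest(
            override.encode(), policy.override_password.encode()):
        return "allow", "local override"
    return "deny", "category: " + category

# Constructed sample data: hostnames and the password are placeholders.
STAFF = WebBlockerPolicy("General Staff", {"Adult Material"},
                         exceptions={"partner.example.com"},
                         override_password="example-only")
FAIL_OPEN = WebBlockerPolicy("Fail open", {"Adult Material"},
                             deny_on_timeout=False,
                             deny_on_expired_license=False)

if __name__ == "__main__":
    for pol in (STAFF, FAIL_OPEN):
        print(pol.name, decide(pol, "blocked.example.net", "Adult Material"))
        print(pol.name, decide(pol, "unknown.example.org", None))
        print(pol.name, decide(pol, "news.example.org", "News", license_valid=False))
```

With the deny settings, an outage of the category server or an expired subscription stops web access; with the allow settings, the same events silently turn filtering off, so pair them with the alarms from Step 8.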
In my managed services practice, implementing a WatchGuard firewall with WebBlocker along with all of the other security features is a must to provide a secure, malware-free environment for our clients. Having endpoint protection on each workstation alone is not enough to stop these threats from entering your environment. Taking a tiered approach to security, just like backup, is a best practice you should try to adopt, and could help mitigate the risks of threats making their way in. While no solution is perfect, WatchGuard does a great job of stopping security threats at the gateway, BEFORE they enter your environment.
If you would like more information on security or WatchGuard firewalls, just let me know and I will see if I can help answer your question!