Palo Alto Next Generation Firewall - Rulesets on UW-Madison Wireless and WiscVPN networks

This document summarizes the rules in place on Palo Alto Next Generation network firewalls for the UW-Madison Wireless and WiscVPN networks.

Background

In order to reduce the risk of known threats, the UW-Madison Wireless UWNet/Eduroam and WiscVPN services have implemented network protections using the advanced features of Palo Alto Next Generation Firewall.

Palo Alto Application Ruleset


The application rules below are implemented for the UW-Madison Wireless and WiscVPN services.

URL Filtering

Web access to addresses associated with the following activity will be blocked:
  • command-and-control
  • phishing
  • malware
The web addresses mapped to these categories are updated by Palo Alto periodically.

More information about these categories can be found at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC

Antivirus

The Antivirus feature of the Palo Alto firewall protects against files containing viruses, worms, and trojan downloads. This protection is in place for the following protocols: FTP, HTTP and SMB.

Antispyware

The Anti-Spyware feature of the Palo Alto firewall blocks spyware on compromised hosts from trying to connect to command-and-control (C2) servers.

Vulnerability Protection

The Vulnerability Protection feature of the Palo Alto firewall blocks malicious network traffic that is trying to exploit system flaws or gain unauthorized access to systems, e.g. SQL injection, buffer overflows, etc.

Support

If access to a web site (HTTP) is blocked during an interactive browsing session, the message below will be returned in the browser:



If you believe a web site is incorrectly blocked, you can request that it be re-tested by Palo Alto at https://urlfiltering.paloaltonetworks.com/. The same link can also be used to learn if a web site is currently blocked.

You can also contact the DoIT Help Desk to report possible blocking issues with the campus Wireless and WiscVPN ruleset by calling 608-264-HELP or by sending an email to cybersecurity@cio.wisc.edu (monitored during business hours).



Keywords: palo alto next generation firewall rule ruleset wireless wiscvpn block web site
Doc ID: 86279
Owner: Allen M.
Group: Office of Campus Information Security
Created: 2018-10-05 16:17 CDT
Updated: 2018-10-08 08:54 CDT
Sites: DoIT Help Desk, Office of Campus Information Security