15.0.0 Changelog: Difference between revisions
Revision as of 21:43, 21 January 2020
Overview
15.0 is a major new release containing the new Threat Prevention application and WebFilter enhancements.
Threat Prevention
Threat Prevention is a new application that blocks traffic based on URL or IP address malicious reputation. Blocked web sessions will be redirected to a local block page. All other non-web sessions will be dropped. Reputations are provided by Brightcloud.
This application is part of the Complete subscription.
Threats
Traffic blocking is performed based on session URL or IP address matching the selected threat reputation threshold. The default is High Risk. A lower threshold will also block higher matching reputations. For example, selecting Suspicious will block URLs and IP addresses with a reputation of either Suspicious or High Risk.
Threats may or may not have one or more categories associated with them, such as Malware and Web Attacks.
Rules
For customization, you can create your own Threat Prevention rules. For example, you can create a rule so that traffic for a given client address is passed and not blocked.
Additionally, if Threat Prevention is enabled, new Threat Prevention rule conditions for reputation and category are available in rules for other applications such as WebFilter.
Reports
Web and Non-Web Event reports provide detailed information about an address's reputation. To view this detailed information, click the row and open the Details pane.
Web Filter
Web Filter contains the following enhancements:
Kid Friendly search redirect
A new Advanced option Force searches through kid-friendly search engine will redirect known search engine requests through https://www.kidzsearch.com/.
Custom block page
A new advanced option Custom block page allows you to redirect block pages to an external site for block page customization. The following parameters are passed as GET parameters:
Name | Description | Example |
---|---|---|
appid | WebFilter identifier | 5 |
appname | WebFilter application name | web-filter |
host | Blocked host | www.someblockedsite.com |
url | Full blocked URL | http://www.someblockedsite.com/page.html |
reason | Category name or blocking rule name | Adult and Pornography - Sexually explicit material ... |
clientAddress | IP address of client | 192.168.1.10 |
NOTE: Unblock operations are not available when using a custom block page.
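The host, url and reason values passed to a custom block page describe whatever site was blocked, so the external page should treat every parameter as untrusted input. The following is an added example, not code from the product: a Python sketch that validates the documented parameters and HTML-escapes them before rendering. The function names, the length cap and the sample query are assumptions made for illustration.

```python
import html
import ipaddress
from urllib.parse import parse_qs

# Parameter names come from the table above; everything else is illustrative.
EXPECTED = ("appid", "appname", "host", "url", "reason", "clientAddress")
MAX_LEN = 2048  # assumed cap so an oversized value cannot bloat the page


def parse_block_request(query_string):
    """Return the documented parameters as a dict of validated strings."""
    raw = parse_qs(query_string, keep_blank_values=True)
    # Take the first occurrence only; undocumented parameters are ignored.
    params = {name: raw.get(name, [""])[0][:MAX_LEN] for name in EXPECTED}
    # appid is numeric in the documented example; reject anything else.
    if not (params["appid"].isascii() and params["appid"].isdigit()):
        params["appid"] = ""
    # clientAddress must parse as an IP address, otherwise drop it.
    try:
        params["clientAddress"] = str(ipaddress.ip_address(params["clientAddress"]))
    except ValueError:
        params["clientAddress"] = ""
    return params


def render_block_page(params):
    """Build the HTML body, escaping every value before it reaches markup."""
    safe = {k: html.escape(v, quote=True) for k, v in params.items()}
    # The blocked URL is shown as text only, never as a clickable link.
    return (
        "<h1>Access blocked</h1>\n"
        f"<p>Site: {safe['host']}</p>\n"
        f"<p>URL: {safe['url']}</p>\n"
        f"<p>Reason: {safe['reason']}</p>\n"
        f"<p>Client: {safe['clientAddress']}</p>\n"
    )


# Constructed sample request: the url value carries markup, because the path
# and query of a blocked page can contain arbitrary characters.
SAMPLE_QUERY = (
    "appid=5&appname=web-filter&host=www.someblockedsite.com"
    "&url=http%3A%2F%2Fwww.someblockedsite.com%2Fpage.html"
    "%3Fq%3D%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    "&reason=Adult+and+Pornography&clientAddress=192.168.1.10&extra=ignored"
)

if __name__ == "__main__":
    print(render_block_page(parse_block_request(SAMPLE_QUERY)))
```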
KidzSearch & DuckDuckGo search engine support
Support for the search engines KidzSearch and DuckDuckGo has been added, including support for search terms and kid-friendly search.
Category Submit Request
The Site Lookup "Suggest a different category" operation now works properly and submits the URL to be reclassified.
QUIC messages
If you block QUIC sessions, those blocks will be recorded as WebFilter status metrics instead of logging each instance to the WebFilter log.
Query performance enhancements
Various improvements have been added to the Brightcloud query engine to improve performance.
Custom Email Alerts
Email Alerts can now be customized through the new Email Template tab.
The message now defaults to a key-value formatted message with values converted to "human-readable" formats. For example, a numeric value like 99214905344 will display as 92G.
As you customize the template, a preview is displayed using a live SystemStatEvent event, showing exactly how the template will be applied.
Kernel Upgrade
Kernel upgrade to 4.9.0-11 will be forced with this release.
Other
- Network interface mark preservation improves interoperability with other advanced routing technologies.
- Google Drive backups stopped working due to a Google change. This has been fixed.
- Reports now properly escape HTML and JavaScript to prevent out-of-band XSS injection.