Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Schnell
Explorer

Application Filter on Internal Traffic for 1570R

Hi,

New here. Working on 1570R and SMB R80.20.30.

We would like to leverage some of this "OT intelligence" in the 1570R for tighter control of the traffic in an OT environment. For that I'm trying to make application filtering work between two hosts, but it looks like the functionality is locked to the "Outgoing access to the Internet" policy. To circumvent that I have tried making one the LAN interfaces an "Internet" interface, and the policy kicks in, but only in the outgoing direction. NAT is disabled.

How to use application filtering on internal traffic in general? Is that not possible?

Would it work with another model?  I'm under the impression that 1570R is currently the only model you can buy that has "OT intelligence" regarding SCADA protocols etc. 

 

Best regards

Schnell

0 Kudos
3 Replies
G_W_Albrecht
Legend
Legend

sk102296: How to activate inspection on internal traffic on Quantum Spark appliances

CCSE CCTE SMB Specialist
Schnell
Explorer

Thank you.

I have changed both to "true", rebooted and done some testing. It seems to be the same as before. I can still only choose applications in "Outgoing access to the Internet" policy, however that policy does not seem to apply for internal traffic. 

In "Firewall" -> "Blade Control" I have tried enabling and editing the "Block other undesired applications". I used every version of Internet Explorer as a test. However when I do a HTTP request in IE on either host it simply just allows the traffic. It uses the "Any Any HTTP Allow" test rule which is currently first on the list in "Incoming, Internal and VPN traffic" policy.

In either case, a black list like "Block other undesired applications" was not the intended solution, we were looking for a white list functionality like it seems to be possible with "Outgoing access to the Internet" policy.

Am I missing something?

0 Kudos
G_W_Albrecht
Legend
Legend