The Content Filter Engine app allows administrators to enable or disable Reverse Address Lookups in the Settings section. The Global Settings section can be used to add Banned IPs and Exception IPs. The same section is used to enable deep packet inspection of encrypted data, in which certificates are created dynamically and automatically signed by a provided certificate. This functionality is of critical importance due to the wide availability of free and automatically issued certificates. These freely available certificates have resulted in a large amount of malware using valid SSL/TLS connections when phoning home, infecting endpoints or exfiltrating data. The App Policies section is designed to allow administrators to assign policies to a group.
The Content Filter Engine app is also used to assign policies to IP and MAC addresses. The IP and MAC addresses of all devices connected to the Crystal Eye appliance are displayed by default in the Assign Policy to IP/MAC Address section. In this section administrators can edit the policy for an IP or MAC address, or change the policy of an IP or MAC address back to default.
Left-hand Navigation Panel > Security Configuration > Content Filter & Proxy > Content Filter Engine
Enabling/Disabling Reverse Address Lookups from the Content Filter Engine Page
In the Content Filter Engine app page, click the Edit button in the Settings section to enable or disable Reverse Address Lookups.
Adding IPs to exception or banned lists
Step 1: In the Content Filter Engine page, click the Edit button against Exception IPs or Banned IPs in the Global Settings section.
Step 2: On clicking the Edit button against Exception IPs or Banned IPs, you will see the Exception IPs section or the Banned IPs section respectively.
Step 3: Now, click the Add button to add Exception IPs or Banned IPs.
The Deep Packet Inspection module blocks HTTPS connection attempts to malicious URLs, using signature-based and heuristic mechanisms driven by automatically updated rules. To enable Deep Packet Inspection, the browser proxy settings must be configured, and the SSL MITM certificate must then be downloaded from the CE and imported into the browser.
How to enable Deep Packet Inspection of encrypted traffic?
Step 1: In the Content Filter app page, click the Policy Management switch view button.
Step 2: You will now see the Policy Management switch view page. Now, click the Configure Policy button in the App Policies section.
Note: Deep Packet Inspection can be enabled for a default group or a customized group. In this case we have picked the default group.
Step 3: You will now see the Policy – Default section. Click the General Settings Edit button.
Step 4: You will now see the Settings section. Enable SSL MITM and hit the Update button.
Step 5: Now click the Configure Settings switch view button.
Step 6: You will now see the Global Settings section. Click the Certificate for SSL MITM Download button.
Note: In order to complete the procedure to enable the MITM SSL Certificate, we will have to configure manual network proxy settings and import the Certificate for SSL MITM into the browser.
Configuring Manual Network Settings and Importing MITM SSL Certificate in Google Chrome
Step 7: Go to the Settings page of the browser and click Open Proxy Settings in the System section.
Step 8: You will now see the Internet Properties pop-up. Click the LAN Settings button.
Step 9: Select the Check Box in the Proxy Server section.
Step 10: Now enter the LAN Interface Address of CE, enter the port as 8080 and click the OK button.
Step 11: Now go to the advanced browser settings and select Manage Certificates in the Privacy & Security section.
Step 12: You will now see the Certificates pop-up. Click the Import button, browse to the downloaded MITM SSL Certificate file and import it into Google Chrome.
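To confirm the result of Steps 7 to 12 on a Windows endpoint, the following PowerShell check reads the per-user proxy setting and looks for the downloaded certificate in the current user's certificate stores. It is an added example, not part of the Crystal Eye documentation; the address 192.0.2.1, the file name ce-ssl-mitm.crt and the function names are assumptions to replace with your own.

```powershell
# Added example. $CeLanAddress and $CertPath are placeholders, not values from the page.
$CeLanAddress = '192.0.2.1'
$CertPath     = Join-Path $env:USERPROFILE 'Downloads\ce-ssl-mitm.crt'

function Test-CeProxySetting {
    param([string]$Address, [int]$Port = 8080)
    # Internet Properties > LAN Settings stores the per-user proxy under this key.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    $expected = '{0}:{1}' -f $Address, $Port
    [pscustomobject]@{
        ProxyEnabled = ($s.ProxyEnable -eq 1)
        ProxyServer  = $s.ProxyServer
        PointsToCe   = ([string]$s.ProxyServer -like "*$expected*")
    }
}

function Test-CeMitmCertificate {
    param([string]$Path)
    # Load the downloaded certificate file and read its identifying fields.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    # Find every current-user store that holds a certificate with the same thumbprint.
    $stores = Get-ChildItem -Path Cert:\CurrentUser -Recurse |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
        ForEach-Object { ($_.PSParentPath -split '\\')[-1] } |
        Sort-Object -Unique
    [pscustomobject]@{
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        IsCa        = [bool]($bc -and $bc.CertificateAuthority)
        FoundIn     = $stores
        InRootStore = ($stores -contains 'Root')
    }
}

Test-CeProxySetting -Address $CeLanAddress
Test-CeMitmCertificate -Path $CertPath
```

The browser accepts the dynamically created certificates only if the signing certificate is trusted as a root, so a result with InRootStore false means the import went to a different store. Record the thumbprint so the same certificate can be identified and removed when the endpoint no longer uses the proxy.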
Creating Policies for Particular User Groups
Step 1: In the Content Filter Engine app page, click the Add button in the App Policies section.
Step 2: You will now see the Policy section. Type the name of the policy in the Policy Name box.
Step 3: Click the Group dropdown and select the predefined Group Name. Now, click the Add button. (Note: The group name is created using the Group app.)
Assigning Policies to IP/MAC Addresses
Step 1: In the Content Filter Engine app page, click the Edit Policy button against a particular IP address and MAC address.
Step 2: You will see the Policy section of the IP and MAC address you selected in the previous step. Click the Policy Type dropdown and select the desired policy. Now, click the Update button.