25.2. Whitelisting

Overview

To ensure that traffic from trusted sources is never blacklisted under any circumstances, cOS Stream provides a single, predefined Whitelist object. This object is the parent of one or more child WhitelistRule objects, which the administrator adds. Each WhitelistRule identifies, through its properties (the source interface, source IP, destination IP and service, as shown in Example 25.1 below), the traffic that must never be blacklisted.

[Tip] Tip: Management traffic should be whitelisted

It is recommended to add the management traffic for the Clavister NetShield Firewall itself to the whitelist since blacklisting of this traffic could potentially mean that the administrator loses access to cOS Stream.

It is also important to understand that although whitelisting prevents particular traffic from being blacklisted, it does not prevent other cOS Stream mechanisms, such as threshold rules, from dropping or denying connections that meet the whitelisting criteria. All whitelisting does is prevent the traffic from being added to a blacklist.
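The following model, added here and not part of cOS Stream or the Clavister documentation, illustrates the two points above: a WhitelistRule matches on source interface, source IP, destination IP and service (using the object names from Example 25.1), and when a per-source connection threshold is exceeded the excess connection is dropped either way, while only a non-whitelisted source ends up on the blacklist. The address values behind mgmt_net and if1_ip, the threshold itself and the assumption that the threshold's protect action blacklists the source are constructed for the example.

```python
# Illustrative model (written for this page, not cOS Stream code) of how a
# whitelist interacts with blacklisting and threshold rules.
import ipaddress
from dataclasses import dataclass

# Constructed address objects standing in for the named objects in Example 25.1.
ADDRESS_OBJECTS = {
    "mgmt_net": "192.0.2.0/24",
    "if1_ip": "192.0.2.1",
}


@dataclass(frozen=True)
class Connection:
    interface: str   # interface the connection arrived on
    src: str         # source IP address
    dst: str         # destination IP address
    service: str     # e.g. "tcp/443"


@dataclass(frozen=True)
class WhitelistRule:
    name: str
    source_interface: str
    source_ip: str        # name of an address object
    destination_ip: str   # name of an address object
    service: str          # "all_services" or a single "proto/port"

    def matches(self, conn: Connection) -> bool:
        """True if this rule covers the connection (all criteria must match)."""
        src_net = ipaddress.ip_network(ADDRESS_OBJECTS[self.source_ip], strict=False)
        dst_net = ipaddress.ip_network(ADDRESS_OBJECTS[self.destination_ip], strict=False)
        return (
            conn.interface == self.source_interface
            and ipaddress.ip_address(conn.src) in src_net
            and ipaddress.ip_address(conn.dst) in dst_net
            and self.service in ("all_services", conn.service)
        )


class Firewall:
    """Minimal model: a per-source connection threshold whose protect action
    drops the excess connection and blacklists the source (assumed behaviour
    for this model), unless a WhitelistRule matches the connection."""

    def __init__(self, whitelist, max_conns_per_source):
        self.whitelist = list(whitelist)
        self.max_conns = max_conns_per_source
        self.blacklist = set()
        self.conn_count = {}

    def whitelisted(self, conn: Connection) -> bool:
        return any(rule.matches(conn) for rule in self.whitelist)

    def handle(self, conn: Connection) -> str:
        """Return 'blacklisted', 'dropped' or 'allowed' for one new connection."""
        if conn.src in self.blacklist:
            return "blacklisted"
        count = self.conn_count.get(conn.src, 0) + 1
        self.conn_count[conn.src] = count
        if count > self.max_conns:
            # Threshold exceeded: the connection is dropped regardless of the
            # whitelist. Only the blacklisting step is suppressed by a match.
            if not self.whitelisted(conn):
                self.blacklist.add(conn.src)
            return "dropped"
        return "allowed"


def demo(max_conns=3):
    """Run a whitelisted and a non-whitelisted source past the threshold."""
    fw = Firewall(
        [WhitelistRule("whitelist_mgmt_traffic", "if1", "mgmt_net", "if1_ip", "all_services")],
        max_conns,
    )
    mgmt = Connection("if1", "192.0.2.10", "192.0.2.1", "tcp/443")     # host in mgmt_net
    other = Connection("if1", "198.51.100.7", "192.0.2.1", "tcp/443")  # not whitelisted
    mgmt_log = [fw.handle(mgmt) for _ in range(max_conns + 2)]
    other_log = [fw.handle(other) for _ in range(max_conns + 2)]
    return mgmt_log, other_log, sorted(fw.blacklist)


if __name__ == "__main__":
    mgmt_log, other_log, blacklist = demo()
    print("mgmt_net host :", mgmt_log)
    print("other host    :", other_log)
    print("blacklist     :", blacklist)
```

The management host is still dropped once it exceeds the threshold, which is the caveat: whitelisting protects the administrator from being locked out by a blacklist entry, not from every rate-limiting mechanism.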

[Note] Note: System restarts do not affect the whitelist

The contents of the whitelist are preserved across system restarts.

Example 25.1. Adding a Whitelist Entry

In this example, a WhitelistRule object is created that will prevent any traffic from the network mgmt_net arriving on the interface if1 from being blacklisted. The destination IP for this traffic will be if1_ip.

Command-Line Interface

Change the CLI context to be the predefined Whitelist object:

System:/> cc Whitelist

Add the WhitelistRule object:

System:/Whitelist> add WhitelistRule
			SourceInterface=if1
			SourceIP=mgmt_net
			DestinationIP=if1_ip
			Service=all_services
			Name=whitelist_mgmt_traffic

Change the CLI context back to the default:

System:/Whitelist> cc
System:/>