Netify Firewall Agent
Netify Firewall Agent - FWA
While Netify is primarily an analytics and reporting service, there may be cases when taking real-time action on the network intelligence provided by Netify is desirable - for example, integration with a network firewall.
The Netify's Informatics API, while convenient and allows for greater insights to be gained through 3rd party services like IP reputation and Machine Learning
models, is impractical for use when dealing with network flow control because the feedback loop (at best, between 5-20 seconds) is far too long. For example, to
block or throttle Facebook traffic, a Facebook web page would almost certainly have been downloaded in its entirety before a flow could be marked and acted on
for control.
Turning Informatics into Action
QoS and Firewall Hooks
Fortunately for Netify system integrators, we offer an on-premise solution called Netify Firewall Agent, or FWA. FWA consumes real-time, post flow-analysis data streams from the Netify agent through a live socket on the host (details). FWA uses this flow data to provide a firewall agnostic[1] solution to blocking, prioritizing or shaping traffic on the gateway host. The open-source code can be fully containerized, simplifying the integration and ease in which it can be deployed into the CI/CD software lifecycle.
Netify FWA uses a simple, yet versatile configuration file to block, route or prioritize flows based on:
- time of day
- day of week
- application or protocol detection (Facebook, VoIP etc.)
- application or protocol categories (Social Media, Peer-to-Peer etc.)
- MAC or IP address
- any combination of the above
[1] Netify FWA currently supports iptables, firewalld and Shorewall firewall frameworks, but can be extended to work with almost any platform.
Configuration Details
To get a feel for the features provided by Netify FWA, let's take a look at an example configuration file.
Block Application
The first configuration section defines a block rule for application #201: Instagram. Any network connection associated with this domain will be blocked, even encrypted HTTPS traffic.
Block Application Category
Similarly, the second configuration section defines a block rule, but this one is for an entire application category - #24 / Social Media.
Time of Day
You may want to allow certain types of traffic during certain times, for example an office lunch hour. The third and fourth configuration blocks provide an example configuration for this scenario. Facebook (ID #119) is blocked during work hours except from noon to 1 pm.
QoS Prioritize
The fifth rule configuration block is an example for QoS priority. In this case, SIP traffic (protocol ID #100) is given a higher network priority.
Whitelist
Finally, we have the whitelist block at the bottom of the JSON payload. You can exempt IPs or network blocks from the FwA rule set.
{
"version": "1.0",
"rules": [
{
"type": "block",
"application": 201
},
{
"type": "block",
"application_category": 24
},
{
"type": "block",
"application": 119,
"weekdays": "Mo,Tu,We,Th,Fr",
"time-start": "9:00",
"time-stop": "12:00"
},
{
"type": "block",
"application": 119,
"weekdays": "Mo,Tu,We,Th,Fr",
"time-start": "13:00",
"time-stop": "17:00"
},
{
"type": "prioritize",
"protocol": 100,
"priority": 2
}
],
"whitelist": [
{
"type": "ipv4",
"address": "192.168.0.10\/32"
},
{
"type": "ipv6",
"address": "fe80::10\/64"
}
]
}
Source Code to Get You Started
The Netify Firewall Agent can be used as-is, or modified and extended to meet your needs. You can find the source code here: https://gitlab.com/netify.ai/public/netify-fwa. For more information or to schedule a demonstration, please contact us.
Netify Agent
Getting Started
Netify Tools
Netify DPI Alternatives
Integration and Custom Solutions
Do you have any questions about integration, APIs or custom development?
Contact Us