Palo Alto Next Generation Firewall - Rulesets on UW-Madison Wireless and WiscVPN networks
This document summarizes the rules in place on Palo Alto Next Generation network firewalls for the UW-Madison Wireless and WiscVPN networks.
Background
In order to reduce the risk of known threats, the UW-Madison Wireless UWNet/Eduroam and WiscVPN services have implemented network protections using the advanced features of Palo Alto Next Generation Firewall.
Palo Alto Application Ruleset
The below application rules are implemented for the UW-Madison Wireless and WiscVPN services.
URL Filtering
Web accesses to addresses associated with the following activity will be blocked:
- command-and-control
- phishing
- malware
The web addresses mapped to these categories are updated by Palo Alto periodically.
More information about these categories can be found at https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC
Antivirus
The Antivirus feature of the Palo Alto protects against files containing viruses, worms, and trojan downloads. This protection is in place for the following protocols: FTP, HTTP and SMB.
Antispyware
The Anti-Spyware feature of the Palo Alto blocks spyware on compromised hosts from trying to connect to command-and-control (C2) servers.
Vulnerability Protection
The Vulnerability Protection feature of the Palo Alto blocks malicious network traffic that is trying to exploit system flaws or gain unauthorized access to systems, e.g. SQL injection, buffer overflows, etc.
Support
If access to a web site (http) is blocked during an interactive browsing session, the below message will be returned in the browser:

If you believe a web site is incorrectly blocked, you can request that it be re-tested by Palo Alto at https://urlfiltering.paloaltonetworks.com/. The same link can also be used to learn if a web site is currently blocked.
You can also contact the DoIT Help Desk to report possible blocking issues with the campus Wireless and WiscVPN ruleset by calling 608-264-HELP or by sending an email to cybersecurity@cio.wisc.edu (monitored during business hours).