Firewall Protection
Dedicated Firewall
To protect data and web applications from unauthorized intruders, all servers are placed behind a UTM firewall. Firewall rules are set, managed and reviewed on a regular basis by System Admin personnel, which helps ensure that any newly introduced loophole in the rule set is closed before it can be exploited.
A firewall protects the network from unauthorized access and typically guards the LAN and DMZ networks against malicious access; however, the firewall is also configured to restrict LAN users' access to harmful sites.
The firewall's responsibility is to grant access from the Internet to the DMZ or service network according to the configured rules and policies. It also tracks the state of each connection and denies any traffic that does not belong to a known connection state.
Firewall rules provide centralized management of security policies: from a single firewall rule, you can define and manage the entire set of security policies.
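The stateful behaviour and the Internet/LAN/DMZ segmentation described above, written out as an nftables ruleset. This is an added example, not the configuration of the UTM the page describes; the interface names, address ranges, published services and blocked-site entries are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: assumed interfaces (not from the page): eth0 = Internet,
# eth1 = LAN, eth2 = DMZ (service network).
# Constructed addresses: LAN 192.168.10.0/24, DMZ 192.168.20.0/24,
# web server 192.168.20.10, mail server 192.168.20.20.
flush ruleset

table inet filter {
    set blocked_sites {
        # Destinations LAN users may not reach (constructed example entries).
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24, 203.0.113.7 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Stateful core: accept replies to tracked connections and drop
        # packets that do not fit any known connection state.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services, only to the named hosts.
        iifname "eth0" oifname "eth2" ip daddr 192.168.20.10 tcp dport { 80, 443 } ct state new accept
        iifname "eth0" oifname "eth2" ip daddr 192.168.20.20 tcp dport 25 ct state new accept

        # LAN -> Internet: permitted, except destinations in the blocked set.
        iifname "eth1" oifname "eth0" ip daddr @blocked_sites counter drop
        iifname "eth1" oifname "eth0" ct state new accept

        # LAN -> DMZ: administrative SSH only (assumption).
        iifname "eth1" oifname "eth2" ip saddr 192.168.10.0/24 tcp dport 22 ct state new accept

        # DMZ -> LAN and every other unmatched flow: rate-limited log, then the
        # chain policy drops it.
        limit rate 5/second log prefix "fw-forward-drop: "
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Firewall administration only from the LAN (SA/ISO workstations), over SSH.
        iifname "eth1" ip saddr 192.168.10.0/24 tcp dport 22 ct state new accept
    }
}
```

Load it with `nft -f` and confirm the active rules with `nft list ruleset`; the `counter` on the blocked-set rule and the `fw-forward-drop:` log prefix give the SA something concrete to check during the periodic rule review.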
Surfing Quota Policy
A surfing quota policy defines the duration of Internet surfing time, i.e. the number of hours a group or an individual user is allowed to access the Internet.
Access Time Policy
Access time is the period during which a user is allowed or denied Internet access. An example would be "office hours only" access for a certain set of users.
Internet Access Policy
The Internet access policy controls users' web access. It specifies which users have access to which sites or applications and allows powerful security policies to be defined on an almost limitless set of policy parameters.
Bandwidth Policy
The primary objective of the bandwidth policy is to manage and distribute the total bandwidth according to certain parameters and user attributes. The bandwidth policy allocates and limits the maximum bandwidth usage of a user and controls web and network traffic.
Data transfer policy
Once users log on, bandwidth becomes available, and the total available bandwidth is shared among all users active at that time. Bandwidth being a limited resource, shortages and congestion are common. The firewall allows the data transfer permitted to an individual user to be limited according to requirement. Bandwidth is limited through the bandwidth policy, while the data transfer policy defines the upper limit on the data transfer carried out by the user.
Spam policy
A default spam policy applies to all incoming e-mail traffic. The spam policy defines what action is to be taken if a mail is identified as spam and to which e-mail address a copy of the mail is to be sent. As network scanning rules control all traffic passing through the firewall and decide whether to scan or bypass mail, the policy is applied only to traffic that is filtered by a network scanning rule.
Gateway failover
Gateway failover provides link failure protection, i.e. when one link goes down, traffic is switched over to the active link. The transition is seamless and transparent to the end user, with no disruption in service, i.e. no downtime.
Firewall Policies
- The firewall is enabled and its configuration is regularly monitored to filter inbound and outbound traffic. The attachment size of e-mail messages is restricted to 5 MB.
- Spam filters, content filters and anti-virus protection are configured on the firewall.
- The firewall (UTM) is synchronized with the UTM to enable single sign-on for Internet access.
- Users get access to the Internet as per the policies defined in the firewall. These policies are approved by the reporting manager and the ISO through e-mail.
- A backup of the firewall configuration has to be taken by the SA every month, and additionally every time a change is made to the firewall configuration or rules.
- Audit log reports for the firewall track all changes made to the firewall; these reports are also used for tracking change management.
- Firewall logs and configuration settings such as policies and rules have to be reviewed every quarter by the ISO, and the review is to be recorded.
- Only the SA and ISO can access the firewall; firewall access for other users is not allowed.
- In case of maintenance, firewall access is to be given only after approval by the ISO, for a specific duration, and is to be revoked and verified once the action is completed.
- The firewall access password should be at least 6 characters, using an alphanumeric combination, and needs to be changed every month.