Blocking or allowing traffic from a web service

You can block or allow traffic from a web service by adding a rule in the SNS firewall’s filter policy.

1. Go to Configuration > Security policy > Filter - NAT, Filtering tab.

2. Click on New rule > Single rule.

3. Double-click on the number of the new rule.

4. In the window to edit rules, fill out the following information:

   • General tab, Status field: select On,

   • Action tab, Action field: select pass or block,

   • Source tab, Source hosts field: select the desired objects (e.g., Network_in),

   • Destination tab:

     • General sub-tab, Destination hosts field: select the desired objects (e.g., Any),

     • Geolocation/Reputation sub-tab, Web services and reputations section: select the web service in question. Remember, to avoid mistakenly blocking or allowing certain streams of web traffic, check the dependencies of the web service in question on the Stormshield Security Portal first.

5. Click on OK.

6. Place rules that allow web service traffic above block rules due to the fact that rules are read in the order of their numbering.