15.0 is a major new release containing the new Threat Prevention application and WebFilter enhancements.
Threat Prevention is a new application that blocks traffic based on the malicious reputation of a URL or IP address. Blocked web sessions will be redirected to a local block page. All other non-web sessions will be dropped. Reputations are provided by Brightcloud.
This application is part of the Complete subscription.
Traffic is blocked when the session's URL or IP address matches the selected threat reputation threshold. The default is High Risk. A lower threshold will also block higher matching reputations. For example, selecting Suspicious will block URLs and IP addresses with a reputation of either Suspicious or High Risk.
Threats may or may not have one or more categories associated with them, such as Malware and Web Attacks.
For customization, you can create your own Threat Prevention rules. For example, you can create a rule that passes, rather than blocks, traffic for a specific client address.
Additionally, if Threat Prevention is enabled, new Threat Prevention rule conditions for reputation and category are available in rules for other applications such as WebFilter.
Web and Non-Web Event reports provide detailed information about an address's reputation. To view this detailed information, click the row and open the Details pane.
Web Filter contains the following enhancements:
Kid Friendly search redirect
A new Advanced option Force searches through kid-friendly search engine will redirect known search engine requests through https://www.kidzsearch.com/.
Custom block page
A new advanced option Custom block page allows you to redirect block pages to an external site for block page customization. The following parameters are passed as GET parameters:
| Name | Description | Example |
| --- | --- | --- |
| appid | WebFilter instance identifier | 5 |
| appname | WebFilter application name | web-filter |
| host | Blocked host | www.someblockedsite.com |
| url | Full blocked url | http://www.someblockedsite.com/page.html |
| reason | Category name or blocking rule name | Adult and Pornography - Sexually explicit material … |
| clientAddress | IP address of client | 192.168.1.10 |
NOTE: Unblock operations are not available when using a custom block page.
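One way the external site can consume these GET parameters, as an added example that is not part of the release notes or the product's own code. The host, url and reason values derive from the blocked request, so every parameter is treated as untrusted and escaped before output; the function names, `MAX_LEN` and the numeric check on appid are assumptions.

```python
import html
import ipaddress
from urllib.parse import parse_qs

# Parameter names come from the table above; everything else is illustrative.
PARAMS = ("appid", "appname", "host", "url", "reason", "clientAddress")
MAX_LEN = 2048  # assumption: cap on the length of any value we echo back

# Constructed sample query string, built from the example column of the table.
SAMPLE_QUERY = (
    "appid=5&appname=web-filter&host=www.someblockedsite.com"
    "&url=http%3A%2F%2Fwww.someblockedsite.com%2Fpage.html"
    "&reason=Adult+and+Pornography&clientAddress=192.168.1.10"
)


def parse_block_request(query_string):
    """Extract the six documented parameters, treating every value as untrusted."""
    raw = parse_qs(query_string, keep_blank_values=True)
    out = {name: raw.get(name, [""])[0][:MAX_LEN] for name in PARAMS}
    # Assumption: appid is always a decimal number, as in the table's example.
    if not (out["appid"].isascii() and out["appid"].isdigit()):
        out["appid"] = ""
    # clientAddress must parse as an IPv4 or IPv6 address, otherwise drop it.
    try:
        out["clientAddress"] = str(ipaddress.ip_address(out["clientAddress"]))
    except ValueError:
        out["clientAddress"] = ""
    return out


def render_block_page(query_string):
    """Return block-page HTML with every parameter escaped before output."""
    p = {k: html.escape(v, quote=True)
         for k, v in parse_block_request(query_string).items()}
    return (
        "<!doctype html><html><head><meta charset='utf-8'>"
        "<title>Access blocked</title></head><body><h1>Access blocked</h1>"
        f"<p>Host: {p['host']}</p>"
        f"<p>URL: {p['url']}</p>"  # rendered as text, never as a clickable link
        f"<p>Reason: {p['reason']}</p>"
        f"<p>Client: {p['clientAddress']}</p>"
        f"<p>Blocked by {p['appname']} (instance {p['appid']})</p>"
        "</body></html>"
    )


if __name__ == "__main__":
    print(render_block_page(SAMPLE_QUERY))
```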
KidzSearch & DuckDuckGo search engine support
Support for the search engines KidzSearch and DuckDuckGo has been added, including support for search terms and kid friendly search.
Category Submit Request
The Suggest a different category operation in Site Lookup now works properly and submits the URL to be re-classified.
If you block QUIC sessions, those blocks will be recorded as WebFilter status metrics instead of logging each instance to the WebFilter log.
Query performance enhancements
Various improvements have been added to the Brightcloud query engine to improve performance.
Custom Email Alerts
Email Alerts can now be customized through the new Email Template tab.
The message now defaults to a key-value formatted message with values converted to "human-readable" formats. For example, a numeric value like 99214905344 will display as 92G.
As you customize the template, a preview is displayed using a live SystemStatEvent event, showing exactly how the template will be applied.
Kernel upgrade to 4.9.0-11 will be forced with this release.
- Network interface mark preservation improves interoperability with other advanced routing technologies.
- Google Drive backups stopped working due to a Google change. This has been fixed.