Why is Cloud Lookup required?
There are more than 1.5B websites worldwide, while the Versa local database contains 2 million URLs based on the Alexa top-websites list. This raises the question of how URLs that do not match an entry in the local DB are categorized; left unanswered, it causes problems when doing URL Filtering. Cloud lookup comes into the picture to overcome this problem.
How does it work?
Versa has a subscription for Cloud Lookup with BrightCloud, whose service is distributed worldwide. BrightCloud stores the category and reputation details of each URL. Once the FlexVNF is configured in Cloud Lookup mode, every URL lookup request first hits the local DB; if the URL category is not found in the local database, the FlexVNF sends the URL to BrightCloud for lookup, and BrightCloud returns the result to the FlexVNF within the configured timeout.
Step 1: Configure SNAT Pool
Go to Appliance/Configuration/Object & Connector/Objects/SNAT Pool and click "+" to add a new SNAT pool.
In the example below we have configured the Transport-VR, as it has the Internet connectivity needed for the lookup.
Why is it required?
SNAT enables outbound internet access for a private network. When virtual machines are deployed within this private network, they can access the internet by passing through a gateway equipped to perform SNAT. This gateway is connected to both the public network and the private network. During the SNAT process, the gateway replaces the source IP address of the original packet with its own public IP address, which allows the virtual machines' traffic to appear as if it originates from the gateway itself. Additionally, the source port is modified as part of SNAT, enabling multiple virtual machines to access the public network using the same gateway public IP address.
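The translation described above, as an added example (not Versa code): a small model of an SNAT gateway that rewrites the source IP and port of outbound packets, keeps a flow table so replies can be mapped back to the private host, and drops inbound packets that match no flow. The addresses and port range are constructed sample values, and the sequential port allocation is an assumption made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal 4-tuple view of an IP packet (payload omitted)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SnatGateway:
    """Rewrites the source of outbound packets to the gateway's public IP
    and a unique port, and undoes the rewrite on the matching replies."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self._next_port = first_port   # sequential allocation (assumed policy)
        self._last_port = last_port
        # outbound flow (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._out = {}
        # reply key (public_port, peer_ip, peer_port) -> (priv_ip, priv_port)
        self._in = {}

    def _allocate_port(self):
        if self._next_port > self._last_port:
            raise RuntimeError("SNAT port pool exhausted")
        port = self._next_port
        self._next_port += 1
        return port

    def outbound(self, pkt):
        """Translate a packet leaving the private network.

        Two private hosts using the same source port get distinct public
        ports, which is what lets them share one public IP."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._out:
            port = self._allocate_port()
            self._out[key] = port
            self._in[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self._out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Translate a reply back to the private host.

        Returns None when no flow matches, i.e. unsolicited inbound traffic
        that the gateway drops."""
        entry = self._in.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None:
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


if __name__ == "__main__":
    gw = SnatGateway("203.0.113.10")  # constructed public IP of the Transport-VR
    out = gw.outbound(Packet("10.0.0.5", 40000, "198.51.100.7", 443))
    print("outbound after SNAT:", out)
    print("reply after reverse SNAT:",
          gw.inbound(Packet("198.51.100.7", 443, "203.0.113.10", out.src_port)))
```

The flow table is keyed on the full 4-tuple, so a second packet of the same flow reuses its public port, while a second private host with the same source port is given a new one.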
Step 2. Configure Cloud Profile
In this section we define the type of cloud profile that the FlexVNF will use for lookups. There are three types of cloud profile:
urlf-cloud-profile: Cloud profile for URL category lookup.
filefilter-cloud-profile: Cloud profile for file-filtering lookup.
custom-param: Profile with custom parameters for the cloud server and port.
In this configuration we will do cloud lookup with urlf-cloud-profile.
Go to Appliance/Configuration/Object & Connector/Objects/Cloud Profile
Connection Pool: Specifies the number of TCP connections from the appliance to the cloud server.
Timeout: Specifies the timeout period in seconds for a TCP connection. Default: 120 secs.
Step 3. Configure URL Filtering to enable Asynchronous Cloud Lookup
Go to Appliance/Configuration/Services/Next Gen Firewall/Security Settings/URL Filtering and edit the profile as shown below:
Versa supports two types of Match URL, and cloud lookup is performed on the selected one:
- Http Host Url: The host URL is the actual URL to which the host is redirected from another URL entered by the host.
- Http Referer: The HTTP referer URL is the one entered by the host in the browser.
Cloud Lookup Profile: Select the Cloud Profile from the list. A cloud lookup profile must be configured for URL filtering.
Cloud Lookup Mode: Select Asynchronous from the list.
Cache Time To Live: Specify the time for which URL information is stored in the cache. Default is 21600.
Cache Limit: Define the number of cache entries. Default is 100000.
Timeout: Define the timeout for a request. Default is 1000ms.
Cloud Lookup State: Select to enable cloud lookup. By default, cloud lookup is disabled.
Step 4. Configure URL Filtering Profile and enable Cloud Lookup
In the URL Filtering profile, we will test the cloud URL lookup for an uncategorized URL. In this profile I define that uncategorized URLs must be blocked by the firewall, while all other categories are allowed.
Go to Appliance/Configuration/Services/Next Gen Firewall/Security/Profile/URL Filtering
Define Firewall Rules:
Step 5. Configure DNS server and DNS Proxy
DNS server for the appliance
DNS Proxy on the Transport-VR
Verification:
Browse versa.com and run the command below to verify the URL information. Below you can see that versa.com does not belong to any category for the first session.
URL Lookup
Browse versa.com again
URL Lookup
Synchronous Cloud Lookup
This is a new cloud lookup feature introduced in 20.2 and later releases. When the category and reputation of a URL that is not in the local database must be found, a cloud lookup is performed. The existing session is held until the cloud lookup returns the category or reputation mapping for the URL, up to the configured timeout. Once the cloud lookup returns the category or reputation of the URL, it is cached in the local DB, so subsequent queries use the local DB to get the category and reputation information.
Advantages of Synchronous Cloud Lookup
Every first session that fails a local database lookup can also be categorized if the cloud lookup succeeds. With this, all URLs can be successfully categorized and, based on the policy defined, the appropriate action can be taken.
Disadvantage of Synchronous Cloud Lookup
The first session that fails a local DB lookup can be slightly delayed, because the session is buffered until the cloud lookup returns.
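The lookup order described in "How does it work?" and the asynchronous versus synchronous behaviour contrasted above, as an added example that is not Versa or BrightCloud code: local DB first, then the cache (honouring Cache Time To Live and Cache Limit), then a simulated cloud query bounded by the request Timeout. In asynchronous mode the first session is classified uncategorized while the cloud answer is cached for the next session; in synchronous mode the first session waits and receives the cloud answer. The category data, the oldest-entry eviction policy and the fixed simulated cloud latency are constructed assumptions for illustration.

```python
from collections import OrderedDict

UNCATEGORIZED = ("uncategorized", "unknown")

# Constructed sample data: a tiny "local database" and a stand-in for the
# BrightCloud service. Neither reflects real category or reputation data.
LOCAL_DB = {"example.com": ("business-and-economy", "trustworthy")}
CLOUD_DB = {"versa.com": ("computer-and-internet-info", "trustworthy")}


class UrlLookup:
    """Local DB first, then cache, then cloud; the mode decides whether the
    first session waits for the cloud answer."""

    def __init__(self, mode, cache_ttl=21600, cache_limit=100000,
                 timeout_ms=1000, cloud_latency_ms=50):
        assert mode in ("asynchronous", "synchronous")
        self.mode = mode
        self.cache_ttl = cache_ttl                # seconds a cloud answer stays valid
        self.cache_limit = cache_limit            # maximum number of cached entries
        self.timeout_ms = timeout_ms              # how long one request waits for the cloud
        self.cloud_latency_ms = cloud_latency_ms  # simulated round-trip time (assumed)
        self._cache = OrderedDict()               # host -> (category, reputation, cached_at)

    def _cloud_query(self, host):
        """Simulated cloud round trip; None means the timeout expired first."""
        if self.cloud_latency_ms > self.timeout_ms:
            return None
        return CLOUD_DB.get(host, UNCATEGORIZED)

    def _cache_put(self, host, result, now):
        if len(self._cache) >= self.cache_limit:
            self._cache.popitem(last=False)       # evict the oldest entry (assumed policy)
        self._cache[host] = (*result, now)

    def _cache_get(self, host, now):
        entry = self._cache.get(host)
        if entry is None:
            return None
        category, reputation, cached_at = entry
        if now - cached_at > self.cache_ttl:      # Cache Time To Live expired
            del self._cache[host]
            return None
        return category, reputation

    def lookup(self, host, now):
        """Return (category, reputation, source). `now` is seconds on a monotonic clock."""
        if host in LOCAL_DB:
            return (*LOCAL_DB[host], "local-db")
        cached = self._cache_get(host, now)
        if cached is not None:
            return (*cached, "cache")
        result = self._cloud_query(host)
        if result is None:
            # Cloud did not answer within Timeout: nothing is cached, so the
            # next session retries the cloud.
            return (*UNCATEGORIZED, "cloud-timeout")
        self._cache_put(host, result, now)
        if self.mode == "asynchronous":
            # The session is not held: it is treated as uncategorized now and
            # the cloud answer serves the next session from the cache.
            return (*UNCATEGORIZED, "pending-cloud")
        return (*result, "cloud")


if __name__ == "__main__":
    for mode in ("asynchronous", "synchronous"):
        engine = UrlLookup(mode)
        print(mode, "first session: ", engine.lookup("versa.com", now=0))
        print(mode, "second session:", engine.lookup("versa.com", now=5))
```

With the default policy from Step 4 (block uncategorized, allow everything else), the asynchronous engine's "pending-cloud" result on the first session is exactly the blocked first visit seen in the verification above, and the synchronous engine removes it at the cost of holding that session for up to the request Timeout.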
Follow the below steps to configure Synchronous Cloud Lookup.
Step 1: Configure SNAT Pool
Refer to Step 1 of Asynchronous Cloud Lookup.
Step 2. Configure Cloud Profile
Step 3. Configure URL Filtering to enable Synchronous Cloud Lookup
Refer to Step 3 of Asynchronous Cloud Lookup.
Step 4. Configure URL Filtering Profile and enable Cloud Lookup
Refer to Step 4 of Asynchronous Cloud Lookup.
Step 5. Configure DNS server and DNS Proxy
Refer to Step 5 of Asynchronous Cloud Lookup for the DNS configuration.
Verification:
Run the command below to verify whether the category and reputation of the URL are mapped in the local DB.
URL Lookup
Browse versa.com and verify that the category and reputation are resolved from the cloud for the first session.
URL Lookup