1.Purpose of the article
As you know the game during working hours is a very difficult thing to accept because it would distract staff work, as well as affect the system’s bandwidth.
Currently, businesses often use firewall devices to prevent this game from playing, but today’s firewalls only support identifying and blocking some famous games.
So how can we block access to games that the firewall does not recognize, today’s article will guide you how to identify and block any game application on the Palo Alto firewall device. .
As you can see in the network diagram you can see that the internet connection will be configured on Port 1 and the LAN area configured on Port 3 with the network layer 172.16.16.0/24 and 1 telephone device is being connected to the access point device configured bridge mode is attached to port 3 and telephone equipment received IP 172.16.16.64.
In this article thegioifirewall will use this mobile phone play DragonSky game and use Palo Alto firewall device to identify and implement blocking game this game.
4.What to do ?
- Determine the ip and port the game uses
- Configure the policy to block the game
5.1 Determine the ip and port the game uses
The first step we will use the phone with ip 172.16.16.64 to play DragonSky game.
Next we will check the log of the Palo Alto device, to check the Monitor> Logs> Traffic.
We will see that the phone’s log will be displayed, to avoid confusion with other devices we click on the IP address 172.16.16.64 to only filter the traffic of this IP.
After the filter we will conduct analysis, we will see that the traffic that the device connects to out is in Singapore.
So we will assume that this DragonSky game has servers located in Singapore.
We will create a policy to block all IPs coming from Singapore to determine if it is truly a game server in Singapore.
To create Policies> Security> Click Add and configure the following information.
- Name: Block_DragonSky
- Rule Type: universal (default)
- Source Zone: select LAN
- Source Address: click Add và type IP 172.16.16.64
- Destination Zone: WAN
- Destination Address: click Add và type SG in box then select SG (Singapore)
- Action: select Drop
- Log Setting: select Log at Session End
After the policy blocks the IPs from Singapore, we return to the phone screen to see if the game has lost connection.
And as you can see the game has lost connection.
The next step we need to go back to see the log of this device on Palo Alto and we can see the blocked IP destination addresses followed by the port as well as the protocol.
We need to save this information to an excel file as follows.
After saving all the necessary information, we will go back to the DragonSky Block policy and fill in the IP destinations that we have saved in the excel file.
Next we need to enter more ports on the Service tab, to import you go to the Service tab and click Add then select New Service.
The Service table appears, you need to enter a name for that service and enter the port into the Destination Port box.
When done, click OK to save.
After entering all the collected IPs and ports, we will return to the phone screen to check.
And as you can see the game is still not accessible, that is, we have correctly identified the IP servers that the game connects to as well as the ports that the game uses.
Techbast hopes that this article will assist administrators in having a way to manage users’ internet access to help the system operate more smoothly.