Why would a PoliWall be needed when we have a firewall with some of the PoliWall features?


The PoliWall does not replace a firewall; it complements the firewall and other security appliances in your network. The PoliWall filters traffic before it reaches the firewall, so the firewall can operate much more efficiently. Most firewalls that have country-blocking capabilities block countries for all connections. We allow different policies for each device if needed. Also, firewalls typically update their threat feed once a day. We have patented and patent-pending technology that allows us to update multiple threat feeds in near real time. Additionally, PoliWall processes large access lists that are not even possible on conventional firewalls. We have tested with access lists containing 100 million single IP addresses. This makes it possible to integrate IP reputation lists available from commercial and open-source providers. Finally, the PoliWall is considerably faster than any of our competition, and it allows very granular exceptions unavailable on firewalls. Some firewalls do not even allow exceptions.



Will PoliWall slow down my network?


No. PoliWall's high-speed filtering algorithms can process packets with virtually no latency. Even our entry-level products can process over 100,000 packets per second.



Will I have to reconfigure my routers and firewalls?


No, the PoliWall is a layer 2 IP-bridge device. Simply insert it between the firewall and router and turn it on.  You won’t even need to flush an ARP cache.



Does PoliWall have to go between the firewall and router?


No, it can be placed anywhere in the network where you want to stop malicious traffic.  Between the firewall and router is usually the best place, but every network is different.



Can the PoliWall sit outside the border router?


Most customers place the PoliWall between the border router and the firewall, but the PoliWall can be deployed outside the edge router if the connection to the network is Ethernet.



What happens if there is a hardware or software failure?  Will traffic flow be impacted?


No, the PoliWall is equipped with a bypass card that will automatically and immediately trigger, allowing the unit to pass traffic, wire to wire, in the event of a failure of any kind.



How does traffic flow when PoliWall is in normal mode and what happens when it is placed in bypass mode?


When the PoliWall is in normal mode, it reads the packets off one interface, evaluates the policy, and if the packet should be allowed, writes it out on the other interface. If there are multiple bridge interfaces (as on the X-series and Z-series), packets are always written to the other interface of the bridge pair they came in on. When the PoliWall is in bypass mode, relays in the network card connect the ports directly to each other, disconnecting them from the network processing chip.



Where does Country Mapping IP information come from?

 

We get it from IANA (https://www.iana.org/) and the regional internet registries.  This data is updated daily.



What is DCEL and how frequently is the IP Threat Reputation data updated?


DCEL is dynamically compiled from difference or delta files that are delivered to the PoliWall in near real-time whenever new threats are discovered. A single DCEL engine can handle threats in 32 categories from up to 32 different IP threat intelligence sources.



Can the IP Threat Reputation feeds be customized regarding risk tolerance?


Yes, the addresses on the list are given a score which indicates the confidence level the provider has in that address's classification.  Increasing the slider value for a particular category decreases the number of addresses from the category included in the policy, i.e. it includes addresses of higher confidence.  Decreasing the slider increases the number of addresses included in the policy, i.e. it starts including addresses of a lower confidence.
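The following is an added example, not Bandura code: a minimal model of the two behaviors described above, applying delta records to a reputation table and then compiling a block set from per-category slider values. The record layout, category names, 0-100 score scale and the rule "block when score >= slider" are assumptions made for illustration; the sample addresses are constructed from documentation ranges.

```python
from ipaddress import ip_address

# Constructed sample records: (op, ip, category, confidence score 0-100).
# Record layout, category names and score scale are assumptions.
BASE = [
    ("add", "198.51.100.7", "botnet", 95),
    ("add", "198.51.100.8", "botnet", 40),
    ("add", "203.0.113.20", "scanner", 70),
    ("add", "203.0.113.21", "scanner", 20),
]
DELTA = [
    ("del", "198.51.100.7", "botnet", 0),    # provider withdrew the listing
    ("add", "192.0.2.55", "botnet", 88),     # newly observed address
    ("add", "203.0.113.21", "scanner", 75),  # confidence raised
]


def apply_delta(table, delta):
    """Apply add/del records to {(ip, category): score}; return the table."""
    for op, ip, category, score in delta:
        key = (ip_address(ip), category)
        if op == "add":
            table[key] = score        # insert a new entry or update its score
        elif op == "del":
            table.pop(key, None)      # deleting an unknown entry is a no-op
        else:
            raise ValueError(f"unknown delta op: {op!r}")
    return table


def compile_policy(table, sliders):
    """Blocked IPs: score >= slider for the category; unlisted categories are off."""
    return {
        ip for (ip, category), score in table.items()
        if category in sliders and score >= sliders[category]
    }


def is_blocked(src, blocked):
    return ip_address(src) in blocked


table = apply_delta({}, BASE)
strict = compile_policy(table, {"botnet": 90, "scanner": 90})  # high slider
loose = compile_policy(table, {"botnet": 30, "scanner": 30})   # low slider
table = apply_delta(table, DELTA)
after = compile_policy(table, {"botnet": 80, "scanner": 60})
```

With the high slider only the 95-score address is blocked; lowering it widens the set to three addresses, and the delta removes a withdrawn address without a full list reload.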



Is the PoliWall compatible with a firewall configuration with High Availability?


Yes, the M-series, X-series, and Z-series all support High Availability in an Active/Active or Active/Standby configuration.



Will the PoliWall support external logging to a log server for denied traffic, or SNMP polling, and if so, what version of SNMP?


Yes, it will log denied traffic, and in fact all traffic, to an external server via Syslog.  It does support SNMP polling with SNMP version 2c and version 3.  The SNMP interface contains traffic statistics aggregated by country.



Does PoliWall interfere with a VoIP phone system?


No, the PoliWall introduces less than 1 millisecond of latency to the network, so you should see no difference in the performance of your VoIP.



Does the PoliWall allow VPN connections?


The PoliWall will handle VPN traffic like any other traffic and allow/block it based on the policy applied. You can create a separate policy specifically for VPN traffic if a different policy is desired.



How is PoliWall different from an IDS?


An IDS uses deep packet inspection to detect signatures of known malware or intrusion attempts. PoliWall works by blocking high-risk traffic from IP addresses that have previously been associated with malicious behavior. By using the "IP Reputation" of the external IP address, PoliWall can block malicious traffic when a signature is not currently available, helping reduce the possibility of zero-hour security breaches.



What DDoS capabilities does the PoliWall have?


While the PoliWall isn't specifically a DDoS prevention device, it can help with certain types of DDoS attacks. The PoliWall is typically downstream from your ISP, so it can't help if the DDoS is using up all your ISP bandwidth, since by the time the packets get to the PoliWall, the bandwidth is already used up. However, if the attack is targeting resources that are inside the perimeter of the PoliWall, like firewall sessions or application resources, it can help in many situations. The Country Blocking or Throttling features can stop or reduce much of an attack if you don't need to allow traffic from many of the countries being used in the attack. Also, many hosts used in a DDoS are compromised and could be known members of botnets or on blacklists. Blocking these by enabling the threat intelligence and available blacklists can stop them before they use up resources on firewalls or application servers.



Can we create multiple user accounts in the Support site?


Yes. In order to create a new user account, an already registered user will have to log into the support site. Click on "Users" along the top of the page, then select "Add User". Fill in the required fields, then click "OK". You can also edit or delete existing users on the "Users" screen.


If a failure is experienced (loss of power, surge, etc.), is there a convergence time for network connectivity while entering failover mode on the unit? Will switching into failover mode be noticeable to the users?


There really is no convergence time during a failover, as the bridge pair is transparent. Although there would probably be a few lost packets as the physical relay closes and shuts the internal circuitry of the PoliWall off from the network, the users would most likely not notice any change.


What does the PoliWall need outbound access to?


The PoliWall needs outbound access to:
- A DNS server (UDP port 53); this may be inside your network
- The Bandura support site over HTTPS (support.bandurasystems.com, TCP port 443)
- BanduraONE over HTTPS (gmc6.bandurasystems.com or gmc1.bandurasystems.com, TCP port 443)


Will PoliWall support VLAN over a trunk?


It will support VLANs for a trunk, with the requirement that each VLAN has unique subnets. We don’t do VLAN-aware filtering, but do properly handle packets that are part of a VLAN.