
Application Firewall: General Overview and Best Practices

Updated by Mitchell Paul-Soumis

What is an Application Firewall in Sonar

An application firewall, strictly defined, is a type of firewall that governs traffic to, from, or by an application or service. Application Layer Firewalls accomplish this through a series of configured policies and rules in order to determine whether to block, restrict, or allow communications to or from the applications.

While traditional firewalls control data flow by examining each packet that passes through them, application firewalls go further by controlling how files can be accessed and code executed by specific applications. By taking this extra step, application firewalls ensure that even if a bad actor somehow gains entry to a network or server, malicious code can't be executed.

The application firewall built into Sonar is specifically a web application firewall, which serves to filter, monitor, and block web traffic to and from a web application.

What are Application Firewall Rules used for?

You can create Application Firewall Rules under Settings -> Security -> Application Firewall Rules by clicking the "Create Application Firewall Rule" button.

Application Firewall Rules in Sonar allow you to restrict access to and from your instance. When creating a rule, you define the Subnet to allow through, and provide a description for what's being allowed through to the application. The description field is only used for internal purposes, so make sure it's descriptive enough that you'll remember it by the time you need to go back and make changes.

The rules you set in your instance strictly determine what's allowed through, and take effect as soon as the application firewall is enabled, which is done by checking the Application Firewall checkbox under Settings -> System Settings.

For this reason, it is imperative you first configure at least your local system's IP address as an allowed IP/Subnet prior to enabling the application firewall on your instance.

Common IP Addresses to allow through the firewall

Beyond the IP address or subnet of your local system, we also recommend adding the IP addresses of the following to your Application Firewall Rules, as these services and devices require access to your Sonar instance in order to function correctly:

  1. The RADIUS Server
  2. The Customer Portal
  3. Inline Device(s)
  4. Any integrations (Marketing Providers, Preseem, Webhooks)
  5. External API configurations

Common Mistakes to avoid

Make sure not to activate the Firewall until you've entered and described the IP addresses needed to continue accessing your instance.
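A pre-flight check for the lockout risk described above, as an added example that is not part of Sonar or of the original article: it confirms that every source that must keep reaching the instance is covered by a planned rule before the firewall is enabled. The rule list, addresses (documentation ranges), CIDR notation, and the `max_hosts` threshold are all constructed assumptions.

```python
import ipaddress

# Constructed sample rules (subnet, description) you plan to enter in Sonar.
PLANNED_RULES = [
    ("203.0.113.10/32", "Office admin workstation"),
    ("198.51.100.0/28", "RADIUS server and inline devices"),
    ("192.0.2.25/32", ""),  # description left empty on purpose
]

# Constructed sample sources that must still reach the instance afterwards.
REQUIRED_SOURCES = {
    "local system": "203.0.113.10",
    "RADIUS server": "198.51.100.5",
    "customer portal": "192.0.2.25",
    "inline device": "198.51.100.9",
    "webhook integration": "192.0.2.77",
}


def preflight(rules, required, max_hosts=4096):
    """Return (uncovered source names, warnings) for a planned allowlist."""
    nets, warnings = [], []
    for subnet, description in rules:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
            net = ipaddress.ip_network(subnet, strict=True)
        except ValueError as exc:
            warnings.append(f"{subnet}: invalid subnet ({exc})")
            continue
        nets.append(net)
        if not description.strip():
            warnings.append(f"{subnet}: empty description")
        if net.num_addresses > max_hosts:  # arbitrary threshold (assumption)
            warnings.append(f"{subnet}: very broad rule ({net.num_addresses} addresses)")
    uncovered = [name for name, addr in required.items()
                 if not any(ipaddress.ip_address(addr) in n for n in nets)]
    return uncovered, warnings


if __name__ == "__main__":
    uncovered, warnings = preflight(PLANNED_RULES, REQUIRED_SOURCES)
    for w in warnings:
        print("WARN:", w)
    if uncovered:
        print("Do not enable the firewall yet; not covered:", ", ".join(uncovered))
    else:
        print("All required sources are covered.")
```

With the sample data, the webhook integration is reported as uncovered and the rule with no description is flagged.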

 
