Kaspersky Security for Internet Gateway Latest Topicshttps://forum.kaspersky.com/forum/kaspersky-security-for-internet-gateway-176/Kaspersky Security for Internet Gateway Latest TopicsenSNMP MIBShttps://forum.kaspersky.com/topic/snmp-mibs-38632/ Hi, 

I need to know if exist a MIB objects for Kaspersky Web Traffic Security that support monitoring interface traffic

For example:

  • Bandwidth % used in the intefaces.
  • Bandwidth used for the clients.
  • # of clients connected in each node.

Thanks in advanced!

]]>38632Thu, 18 Jan 2024 14:31:05 +0000Bypassing rule for ISO fileshttps://forum.kaspersky.com/topic/bypassing-rule-for-iso-files-37522/ Hi all,

Would some of you have examples of rules creation within KSIG ? My goal would be not the scan ISO images bigger than 100MB.
I came with this although was wonder if the mime type isn't perhaps to "broad" so to speak:

Bypass Rule

Traffic filter
HTTP Content-Length, KB     greater than or equal to 100240 KB
--- AND ---
MIME type of HTTP message     application/octet-stream

It works as intended although if anyone might have better or sharper, it's welcome.

Let me know,
Kind regards,
M.

 
   
   
 
]]>37522Mon, 27 Nov 2023 13:03:37 +0000Categories in Dashboard are always 0https://forum.kaspersky.com/topic/categories-in-dashboard-are-always-0-32965/ What should we do to have sites get categorized/classified ? Isn't it an automatic action based on some KWTS database ?

]]>32965Fri, 21 Apr 2023 15:06:29 +0000EICAR.COM and EICAR_COM.ZIPhttps://forum.kaspersky.com/topic/eicarcom-and-eicar_comzip-32964/ EICAR.COM test file from "https://www.eicar.org/download-anti-malware-testfile/" is detected and blocked, BUT! EICAR_COM.ZIP is detected and ALLOWED to be downloaded. Is it OK ? It seems not...

]]>32964Fri, 21 Apr 2023 14:51:12 +0000How to import .KEY file ?https://forum.kaspersky.com/topic/how-to-import-key-file-32908/ We have key-file with suitable licence number. How to import it ? 

]]>32908Mon, 17 Apr 2023 12:03:20 +0000How to get trial license ?https://forum.kaspersky.com/topic/how-to-get-trial-license-32906/ How to get trial license ?

]]>32906Mon, 17 Apr 2023 09:29:56 +0000How to update licence on Web Traffic Security 6.1?https://forum.kaspersky.com/topic/how-to-update-licence-on-web-traffic-security-61-32474/ Hi,

i got a new licence and Activation Code for Web Traffic Sec on my Squid proxy.

In the Settings at the web-gui there is a "licence" subject, but it only allows to *delete* the active key. Not to add / update one.

Do i have to delete the key first, before  updating the new one?

Will Kaspersky halt if i delte the existing key and kill all my users connections?

I am afraid, i need some help here. The docs are not usefull on that...

 

regards

Sachbearbeiter

 

]]>32474Mon, 27 Mar 2023 09:12:23 +0000Serving a proxy.cap file through nginx on KWTS all in one appliance (ISO)https://forum.kaspersky.com/topic/serving-a-proxycap-file-through-nginx-on-kwts-all-in-one-appliance-iso-28954/ Hi all,

A possible way of serving a "proxy.pac" file from your KWTS "all in one" appliance (.ISO based setup) --> please note that this might not be officially supported
Obviously, you need SSH access to your KWTS appliance. 

----> edit /etc/nginx/mime.types and add the following line where it alphabetically belongs, respecting the identation:
[root@kwts ~]# vim /etc/nginx/mime.type
types {
  ~
  application/x-ns-proxy-autoconfig			pac;
  ~
}

----> create a folder which will be hosting our .pac file:
[root@kwts ~]# mkdir /usr/share/nginx/pac

----> create /etc/nginx/conf.d/pacserver.conf (you need to edit the lines below according to your wanted scheme: <port>, <fqdn>):
[root@kwts ~]# vim /etc/nginx/conf.d/pacserver.conf
server {
  listen <port>;
  server_name  <fqdn>;
  charset utf8;
  location / {
    root /usr/share/nginx/pac;
    index proxy.pac;
  }
}
    
----> create your proxy.pac file and edit accordingly:
[root@kwts ~]# vim /usr/share/nginx/pac/proxy.pac 
function FindProxyForURL(url, host) 
{
        
        // Convert host to lower case
        var lhost = host.toLowerCase();
        host = lhost;
        
        // Convert url to lower case
        var lurl = url.toLowerCase();
        url = lurl;
        
        // Defining proxy Services
        var direct = "DIRECT";
        var kwts = "PROXY 10.1.1.250:3128";
        
        // Forced through --> KWTS
        if (shExpMatch(host, "Hostname.FQDN"))
            return kwts;
        
        // If the hostname suffix is within *.xxx --> DIRECT.
        if (shExpMatch(host, "*.local"))
            return direct;
        
        // DEFAULT RULE: Catchall --> KWTS
            return kwts;

}    
    
----> restart nginx services
[root@kwts ~]# systemctl restart nginx.service

----> verify that the assigned PACSERVER:PORT is up and listening:
[root@kwts ~]# ss -tnlp

----> test a proxy.pac retrieval:
[root@kwts ~]# curl http://<your.fqdn.suffix:port>/proxy.pac
function FindProxyForURL(url, host) 
{
        
        // Convert host to lower case
        var lhost = host.toLowerCase();
        host = lhost;
        
        // Convert url to lower case
        var lurl = url.toLowerCase();
        url = lurl;
        
        // Defining proxy Services
        var direct = "DIRECT";
        var kwts = "PROXY 10.1.1.250:3128";
        
        // Forced through --> KWTS
        if (shExpMatch(host, "Hostname.FQDN"))
            return kwts;
        
        // If the hostname suffix is within *.xxx --> DIRECT.
        if (shExpMatch(host, "*.local"))
            return direct;
        
        // DEFAULT RULE: Catchall --> KWTS
            return kwts;

}   
[root@kwts ~]#

You should afterwards be able to configure your OS'es/Browsers using the PAC file: http://kwts.domain.suffix:PORT/proxy.pac

Hope this helps,
Kind regards.
m.

]]>28954Mon, 31 Oct 2022 18:32:36 +0000<![CDATA[disengaging VIA & X-FORWARDED-FOR HEADERS]]>https://forum.kaspersky.com/topic/disengaging-via-x-forwarded-for-headers-28915/ Hi all,

Continuing my testings, like it more and more ?
I actually found out that the integrated squid proxy would send out the VIA & X-FORWARDED-FOR HEADERS if not specifically disabled.
Here is what I've done in order to disengage these settings (caution: this might not be supported at all):
  

---> Edit the squid.conf.template file + addons = last tree lines of the snipet below:

[root@kwts ~]# vim  /opt/kaspersky/kwts-appliance-addon/share/templates/squid.conf.template
{#-* This is a template for generating a configuration file *-#}
################################################################################
# This file was generated automatically.                                       #
# All changes to this file will be lost.                                       #
################################################################################

cache deny all
cache_mem 0
shared_memory_locking on
shutdown_lifetime 5 seconds
stats_collection deny all
error_log_languages off
via off
forwarded_for off
follow_x_forwarded_for deny all

---> Use the Web Admin interface and change any setting of the built-in proxy server. 
---> This will cause the settings update. For example, you can change the Access log parameters and save the changes.

You can test before and after here:
https://www.whatismybrowser.com/detect/what-http-headers-is-my-browser-sending

Cheers,
m.

]]>28915Sun, 30 Oct 2022 15:47:33 +0000<![CDATA[KWTS & Multi Homing]]>https://forum.kaspersky.com/topic/kwts-multi-homing-28907/ Hi there KTeam,

I'm currently testing KWTS and honestly I'm very pleased with the appliance, stunning stuff!!
I've been a bit astonished that multi-homing or multiple Ethernet interfaces doesn't seems to be endorsed by default, simple stuff like "trusted/untrusted" interface was my goal.

Nevertheless, I found ways to enable KWTS in the layout I've wanted (perhaps not supported) and let me share that with you: 

----> You need a public/private key pair in order to be able to access the KWTS Technical Support Mode (SSH):
----> creating the key pair:
ssh-keygen -o
----> You then need to upload the public key on KWTS Web Admin for being able to connect over SSH:
ssh -i kwts root@10.1.1.250

----> Enabling ip_forward / reboot persistent:
[root@kwts ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
net.ipv4.ip_forward = 1

----> Adding interface based routing (if needed etc..)
[root@kwts ~]# cat /etc/sysconfig/network-scripts/route-eth0
10.0.0.0/8 via 10.1.1.1 dev eth0

----> A few iptables rules in order to DROP anything except ICMP messages inbounding on eth1 (my untrusted interface):
[root@kwts ~]# cp /etc/sysconfig/iptables-config /etc/sysconfig/iptables-config.ORG
[root@kwts ~]# iptables -F 
[root@kwts ~]# iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT 
[root@kwts ~]# iptables -A INPUT -i eth1 -p icmp -j ACCEPT 
[root@kwts ~]# iptables -A INPUT -i eth1 -j DROP
[root@kwts ~]# iptables-save > /etc/sysconfig/iptables-config

Finally, I've setup the KWTS on a KVM Host which worked flawlessly using the ISO file.
 

Thanks,
Cheers,
m.

 

]]>28907Sun, 30 Oct 2022 12:27:41 +0000