One of the many subscription services that WatchGuard offers is Reputation Enabled Defense (RED). This subscription service ‘scores’ websites based on reports from devices all over the Earth. The score system for RED ranks from 1-100, with 100 being the worst URL, and 1 being a clean URL. WatchGuard houses a backend server that receives reports and sends reputation scores to Fireboxes that submit requests. These requests leave the Firebox over UDP port 10108.
Enabling Reputation Enabled Defense requires an HTTP client proxy action, and a threshold configured on the firewall to determine scores that are considered usable in your environment. Once these requirements are met, the Firebox will begin sending those requests to WatchGuard’s backend server for review. If your HTTP client proxy action has AV Scanning enabled through Gateway Antivirus (GAV), and an issue is detected, that is also reported to the WatchGuard RED Server.
Below, we will configure RED in Policy Manager, and explain how this will affect site access in your environment:
Log-in to the Firebox, and open Policy Manager
Create an HTTP Proxy policy
Navigate to Subscription Services -> Reputation Enabled Defense
Select Configure
At this point, you can choose to configure actions to take. The above would be our recommendations, to ensure that every item that comes through the Firebox is being scanned by GAV, IntelligentAV, or APT Blocker.
Select Advanced to review the currently selected scores.
The defaults are displayed above, and can be changed depending on your needs.
Reputation Enabled Defense has now been configured for this policy, and any URL’s going through this policy will be reviewed for scoring.
Reputation Enabled Defense is yet another proponent to get proxy policies and deep packet inspection enabled in your environment. Remember, if deep content inspection isn’t enabled on your HTTPS Proxy policies, RED is only reviewing HTTP URL’s. In today’s climate, more than 90% of websites are HTTPS, meaning that RED is missing 90% of web traffic your user’s access.