After configuring Kaspersky IoT Secure Gateway Network Protector, make sure that the application is set to auto-start, and then restart Kaspersky IoT Secure Gateway 1000. If you do not, custom filtering rules are deleted on the next startup.
Kaspersky IoT Secure Gateway Network Protector lets you block internal and external traffic for specific IP addresses, and unblock IP addresses whose traffic must be allowed.
Kaspersky IoT Secure Gateway Network Protector can block IP addresses according to industrial packet analysis rules that include command filtering rules and anomaly detection. You can define filtering rules in the application settings.
If a rule is triggered, Kaspersky IoT Secure Gateway Network Protector blocks suspicious network traffic and adds the source IP address to the denylist. You can manually delete an IP address from the denylist if you want to allow traffic from that IP address.
Kaspersky IoT Secure Gateway Network Protector can create up to 1000 rules in the list of blocked IP addresses. The time from triggering a rule to blocking the traffic does not exceed 1.4 seconds.
Firewall rules and filtering rules are applied during traffic analysis only when a TCP connection is being established.
Kaspersky IoT Secure Gateway Network Protector sends information about the blocked traffic and IP addresses to Kaspersky IoT Secure Gateway 1000. A corresponding event is added to the event log in Kaspersky Security Center and to the firewall audit log in the Kaspersky IoT Secure Gateway 1000 web interface.
The IP address allowlist contains the IP addresses on the internal and external networks whose network traffic is not blocked by Kaspersky IoT Secure Gateway 1000. You can manually add the IP addresses of devices whose traffic should be allowed to the allowlist. Network traffic from the IP addresses of new devices that appear on the network is allowed by default; these IP addresses are not blocked by the system. If necessary, you can also remove the IP addresses of devices from the allowlist.
In some cases, when the Kaspersky IoT Secure Gateway Network Protector application cannot process traffic received by the device, the application may crash and the system will switch to emergency support mode. This may occur when processing specific types of network packets sent via the SIP, SMB, SMTP, DNS, HTTP, or HTTP2 protocols. The SIP protocol is involved in establishing a connection from external IP addresses if the modem is used as the main communication channel and has a SIM card installed whose IP address can be accessed directly from the internet.
If this happens, you will need to apply a patch to disable processing of unsupported traffic and thereby restore the functionality of the application and system.