Pango Platform
HomeConsole
  • What is Pango Developer Platform
  • Getting started
    • Sign up on the Management Console
    • Create a new project
    • Switch projects
    • Change console settings
    • Edit your profile
    • Try out the demo app
    • Keep exploring
    • Deprecation and Sunset
  • Console details
    • Dashboard
      • General
      • Location loading
    • Users
      • User page
    • Active sessions
    • Network
      • Countries
      • Locations
      • Pools
        • Optimal location
        • Location rules
    • Settings
      • General
        • Project config description (JSON format)
          • Server selector (JSON format)
          • Request selector (JSON format)
      • Authentication methods
        • Auth Plugin requirements
      • VPN
        • General
        • VPN Bypass list
        • Client Networks
      • Member
    • Export Data
    • Log
  • SDK
    • Unified VPN SDK for Android
      • Setup
        • Application Setup
        • Proguard Rules, Notification, and Analytics Configurations
        • Backend URL Configuration
      • Usage
        • Initialization
        • VPN Interface
        • Backend interface
      • Features
        • Hydra Protocol
          • Location profile (Hydra only)
        • Custom sdk dependencies
        • Deferred VPN Service Initialization
        • Authentication
        • Client Network List (CNL)
        • OpenVPN transport
        • Wireguard Transport
        • Reconnection strategy
        • Single Protocol SDK
        • Killswitch
        • Domain route via VPN
        • Process route via VPN
        • Process Bypass
        • Domain Bypass
        • Traffic rules
        • VPN Node DNS Configuration
        • Multihop
          • Optimal Location
      • Exceptions
      • Version migration
      • Changelog
    • Unified VPN SDK for Apple
      • Setup
        • Application Setup
        • Network Extension Setup
          • Network Extension Setup for tvOS
        • Backend URL Configuration
      • Usage
        • Single Protocol SDK
        • Unified SDK
        • Logging
        • Decoding Encoded VPN SDK Logs
      • Features
        • Deferred VPN Service Initialization
        • Authentication
        • Wireguard Transport
        • Reconnection strategy
        • Killswitch
        • Domain Bypass
        • Multihop
          • Optimal Location
        • Client Network List (CNL)
        • Domain route via VPN
      • Changelog
      • API Reference
    • IPSEC VPN SDK for Apple
    • Unified VPN SDK for Windows
      • Setup
        • Backend URL Configuration
        • Service command line arguments
        • ARM Platform Support
      • Usage
        • CoreAPI
        • Events
        • Generating a Unique Device Identifier
        • Error processing
        • Pipe Messaging
      • Features
        • Traffic protection
          • Killswitch
          • Prevent IP Leaks
          • Block Local Networks
        • Other
          • Firewall
            • DNS Monitor
            • Process Bypass
            • Domain Bypass
            • Process route via VPN
            • Domain route via VPN
          • Throttling
          • Optimal Location
          • Common issues
        • Hydra Protocol
          • CustomDNS, UserDNS, MultiHop, VpnProfiles
        • OpenVPN Protocol
        • Wireguard Protocol
        • IPSec Protocol
      • Collecting Debug Logs
      • Changelog
    • Unified VPN SDK for Routers
      • SDK. Shared library.
      • Configuration Interface (CI)
        • Unix Domain Sockets CI
        • REST API CI
    • Unified VPN SDK Feature Comparison By Platform
    • Unified VPN SDK
      • Features
        • Personal Bridge
    • Tunnel Vision and Tunnel Crack Prevention
  • REST API
    • Partner API
  • Sample applications
    • Unified VPN SDK demo for Windows
    • Hydra VPN SDK demo for iOS
    • IPSEC VPN SDK demo for iOS
    • Unified VPN SDK demo for Android
    • Hydra VPN SDK demo for OpenWRT
    • OpenVPN configuration file
  • Resources
    • Use cases
      • Public VPN
      • Business VPN
        • Creating a Business VPN Project
        • Wi-Fi Security for Business
      • Application anti-blocking
    • How-to
      • Create a Firebase project for User Authentication
      • AWS CloudFront Distribution of the Platform URL
      • How can I get Shared Secret key from iTunes Connect for In-App Purchase
  • FAQ
    • General
      • VPN Platform Flow
      • What data is collected by the Platform?
      • What analytic data is collected by your SDK?
      • How the Platform restricts access to our data?
      • Why DNS Leak tests often indicate positive result?
      • Do we need to perform endpoint health checks?
      • How is the VPN exit node found?
      • How are streams re-marked if VPN is enabled/disabled on an active flow?
      • Is there a maximum number of supported devices?
      • Are both IPv4 and IPv6 supported?
      • What is the MTU of the tunnel?
      • Are any redundancy measures in terms of reliability provided?
      • Is there any load balancing?
      • Do you block broadcast and multicast to/from the VPN?
    • List of Open Source libs
Powered by GitBook
On this page
  • Categorization service (aka Fireshield) (Hydra transport only)
  • Fireshield Config
  • Alert page configuration
  • Receive information about categorized domains
  • Categorization stats
  • Fireshield dynamic whitelist
  • Fireshield remote configuration

Was this helpful?

  1. SDK
  2. Unified VPN SDK for Android
  3. Features
  4. Hydra Protocol

Fireshield (Hydra transport)

Categorization service (aka Fireshield) (Hydra transport only)

The Unified SDK offers domain categorization functionality, enabling you to classify domains and perform specific actions on them while the traffic passes through a VPN connection. To set up this feature, see below:

final SessionInfo session = new SessionConfig.Builder()
                .withLocation(UnifiedSDK.COUNTRY_OPTIMAL)
                .withReason(TrackingConstants.GprReasons.M_UI)
                .withFireshieldConfig(new FireshieldConfig.Builder()
                        .enabled(true)
                        .addService(FireshieldConfig.Services.IP)
                        .addService(FireshieldConfig.Services.BITDEFENDER)
                        .addCategory(FireshieldCategory.Builder.vpn(FireshieldConfig.Categories.SAFE))
                        .addCategory(FireshieldCategory.Builder.block(FireshieldConfig.Categories.MALWARE))
                        .addCategoryRule(FireshieldCategoryRule.Builder.fromAssets(FireshieldConfig.Categories.MALWARE,"malware-domains.txt")))
                .build();
UnifiedSdk sdk = UnifiedSdk.getInstance();
sdk.getVpn().start(session, new CompletableCallback() {
    @Override
    public void complete() {

    }

    @Override
    public void error(@NonNull VpnException e) {

    }
});

Fireshield Config

Categorization configuration based on specification of categories and rules for categories.

To create categories, you can use one of factory methods:

  • FireshieldCategory.Builder.vpn - create a category with VPN action (traffic (encrypted) goes through the tunnel as IP packets )

  • FireshieldCategory.Builder.proxy - create a category with Proxy action (traffic (encrypted) goes through the tunnel as a payload (for TCP only))

  • FireshieldCategory.Builder.bypass - create a category with Bypass action (traffic goes directly to its destination, without a vpn tunnel)

  • FireshieldCategory.Builder.block - create a category with Block action (traffic gets blocked)

  • FireshieldCategory.Builder.blockAlertPage - create a category with Block action (traffic gets blocked) and a redirection to a specified Alert Page (works for HTTP only)

To create category rules (which domains get to specified category) you can use one of the factory methods:

  • FireshieldCategoryRule.Builder.fromAssets - create category rules from file stored in Assets folder

  • FireshieldCategoryRule.Builder.fromDomains - create category rules from the list of domains

  • FireshieldCategoryRule.Builder.fromFile - create category rules from file on SD card/internal storage

To add to a category file configuration it's possible to use online categorization services.

Possible values are defined as constants in FireshieldConfig.Services.

Alert page configuration

AlertPage static method accepts two parameters: domain and path, on categorization action user will be redirected to [https://domain/page?url=<blocked_url>]

FireshieldConfig.Builder builder = new FireshieldConfig.Builder();
...
        .alertPage(AlertPage.create("connect.bitdefender.net", "safe_zone"))
...

Receive information about categorized domains

SDK will fire callback when transport detect access to configure rule.

UnifiedSDK.addVpnCallListener(new VpnCallback() {
    @Override
    public void onVpnCall(@NonNull Parcelable parcelable) {
        if (parcelable instanceof HydraResource){
            // handle categorization information
        }
    }
});

Categorization stats

SDK provides access to some categorization stats

final FireshieldStats stats = new FireshieldStatus();
//get total scanned connections count
stats.getScannedConnectionsCount(new Callback<Integer>() {
    @Override
    public void success(@NonNull Integer integer) {

    }

    @Override
    public void failure(@NonNull VpnException e) {

    }
});
//get current session scanned connections count
stats.getSessionScannedConnectionsCount();

//reset total scanned connections count
stats.resetScannedConnectionsCount();

Fireshield dynamic whitelist

Categorised domains could be added to whitelist to change category for current session without restart. This setting will reset on session stop.

final HydraResource resource = //current blocked domain
new FireshieldStatus().addFireshieldWhitelist(
    new String[]{ resource.getResource() },
    HydraResource.ResourceRequestOp.ADD, 
    resource.getResourceType(), 
    "safe",
    CompletableCallback.EMPTY
);

Fireshield remote configuration

In addition to local configuration, fireshield can be globally configured on developer dashboard under Settings->Fireshield

Default local/remote resolution rules:

  • remote enabled overrides local enabled

  • remote alert page overrides local alert page

  • remote services if specified override local services

  • remote category overrides locally specified behaviour, if not specified will be added to config

  • remote category rules appends to local defined category rules

Last updated 12 months ago

Was this helpful?