
Fine Tuning Network Quarantine

MarkGenova Posts: 1 Security Scout

Hi guys,

I still have an issue with the network quarantine. In my case I need to permit access to a private laboratory network in case the definitions are not updated.

The network is 169.254.0.0/16.

 

I have changed the Internet Shield 8 settings of the client, editing under rule --> security level --> network quarantine and adding at the top the specific rule Allow --> all IP traffic <-> 169254.0.0/16

 

It seems that the client, when the definitions are not updated, still continues to block the network.

Could anyone help me?

Thanks

 

Comments

  • MJ-perComp Posts: 669 Firewall Master

    THAT is a very weird setup.

    If a system gets an address 169.254.x.x it means it has no connectivity to DHCP or no connectivity at all.
    But the "Quarantine" ruleset will always allow the system to obtain a DHCP-address, regardless of its protection status. Addresses in that range are not routable, must not be forwarded and are prone to address collision (see: https://tools.ietf.org/html/rfc3927).

     

    So what is your idea of allowing that range? Any such implementation should not be needed.

     

    As the rule you created looks fine, did it really arrive at the host? Is it active?

This discussion has been closed.
