To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Quarantine rules for Fw | CS 14.02

_Vincent_
_Vincent_ Posts: 14 Security Scout

Hi everyone,

 

Does someone knows how to activate the use of the Quarantine Mode with CS 14.02?

 

Of course, 'Enable network quarantine' box is checked.

 

As no ruleset are defined by default with version 14.x, I try to create a custom 'Network Quarantine' profile... keeping exactly the same name as for the version 13...

but no way...

As soon as my F-Secure set my computer into quarantine, I can read in the interface this : Network Isolation. I was expecting to read 'Network Quarantine'.

And if I check the rules in the Windows Firewall (advanced mode), my custom profile is not applied at all.

 

Is it still possible to customize the ruleset in quarantine mode??

 

Vincent

Comments

  • _Vincent_
    _Vincent_ Posts: 14 Security Scout

    Hi everybody...

     

    Still any news about this update?

    We really need this functionnality. It's very important for us to be able to customize FW rules while being in quarantine mode.

     

    Vincent.

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Vincent,

     

    No more updates at the moment. Work is in progress, and the solution is expected in the next PM version (14.20).

     

    Best regards,

    Vad

  • _Vincent_
    _Vincent_ Posts: 14 Security Scout

    Hi,

     

    Today I installed PM 14.20.

    There is a new option, named 'Network isolation'.

    Is it this I have to use to define customized FW quarantine rules... Or is it simply a new option to isolate 'manually' some devices when an attack is suspected to occurs?

     

    It's not clear for me... and I found very few informations on this topic until now...

     

    I will greatly appreciate any advices...

     

    Best regards,

     

    Vincent.

     

     

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Vincent,

     

    Network isolation rules are the firewall rules applied when a managed host gets isolated. It can become isolated either due to Network quarantine feature when certain criteria are not met, or get isolated manually by Policy Manager administrator using Operations > Network isolation > Isolate remote operation. The same isolation rules will be applied in both cases.

     

    Best regards,

    Vad

  • _Vincent_
    _Vincent_ Posts: 14 Security Scout

    Hi Vad,

     

    This is exactly what we were waiting for...

     

    And it works perfectly...

     

    Thank you. 

  • kmastemaker
    kmastemaker Posts: 11 Security Scout

    Hi _Vincent,

     

    how do I configure F-secure so I can use Network Isolation on a host?

    Í've tried

    - Enable the firewall

    - setting a network isolation rule

    but when I go to Operations and select Isolate on the host, nothing seems to happen.

    Any info on this would be welcome.

    Thanks,

    Klaas 

This discussion has been closed.

Categories