Policy Manager 14 Firewall
I'm configuring a firewall profile for my endpoint clients (v14.10).
I know that there is no order anymore in this firewall version, so 1 is not validated before 2 (which is strange for firewall rules).
I read somewhere that if you have a rule that allows something specific and a general rule that blocks everything, the specific rule (allow rule) applies.
However, I would like to block a certain protocol in my network, but for some IP addresses the client can still use that protocol.
So I have 2 rules, one that allows the protocol being used to that IP address and one that blocks everything.
And this does not work. I see in the log on the client device that the block rule blocks the connection to that specific IP over that protocol.
There should be different rules for inbound and outbound.
For inbound, it should be enough to add only allow rule for customer IPs. All the rest should be blocked by default.
For outbound, you need to create 2 rules. One to block all IPs for a specific protocol, and one for allowing specific IPs for it. It is also possible to have only one block rule with specified ip ranges which will not include required IPs.
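The second outbound option above (a single block rule whose IP ranges simply leave out the required IPs) avoids the allow-versus-block precedence question altogether, but working out the complementary ranges by hand is error-prone. The following Python is an added example, not code from the thread or from the Policy Manager product, that computes those block ranges from a list of allowed hosts/subnets. The sample addresses (`192.168.10.5`, `10.0.0.0/24`) are constructed, and the example assumes IPv4 only.

```python
import ipaddress

# Constructed sample: hosts/subnets that must still be reachable over the protocol.
ALLOWED = ["192.168.10.5", "10.0.0.0/24"]


def block_ranges_excluding(allowed, universe="0.0.0.0/0"):
    """Return the IPv4 networks covering everything in `universe` except the
    `allowed` hosts/subnets. Each allowed entry is carved out of whichever
    remaining block contains it; CIDR blocks are either nested or disjoint,
    so a subnet_of test in each direction is enough to decide what to do."""
    remaining = [ipaddress.ip_network(universe)]
    for entry in allowed:
        net = ipaddress.ip_network(entry, strict=False)
        carved = []
        for block in remaining:
            if block.subnet_of(net):
                # Block lies entirely inside an allowed range: drop it.
                continue
            if net.subnet_of(block):
                # Allowed range sits inside this block: split the block around it.
                carved.extend(block.address_exclude(net))
            else:
                carved.append(block)
        remaining = carved
    # Merge adjacent blocks where possible and return in address order.
    return sorted(ipaddress.collapse_addresses(remaining))


def is_blocked(ip, block_ranges):
    """True if `ip` falls inside any of the computed block ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in block_ranges)


def total_addresses(networks):
    """Number of addresses covered by a list of disjoint networks."""
    return sum(n.num_addresses for n in networks)


if __name__ == "__main__":
    ranges = block_ranges_excluding(ALLOWED)
    for n in ranges:
        print(n)
    print(len(ranges), "block ranges covering", total_addresses(ranges), "addresses")
    print("10.0.0.77 blocked:", is_blocked("10.0.0.77", ranges))
    print("8.8.8.8 blocked:", is_blocked("8.8.8.8", ranges))
```

Paste the printed networks into the block rule's remote-address field for the protocol in question; because the allowed hosts are never matched by the block rule, the result no longer depends on how the firewall resolves an allow rule against a block rule.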
I added a rule to authorize the RDP protocol from a specific subnet and I added after it another rule to block RDP from any IP.
I lost the connection even from the authorized subnet.
How to do this?
Thomasvr Posts: 18 Explorer
The block all RDP will be a "stronger" rule than the allow RDP from a specific subnet.
You will need to allow RDP from a specific subnet and then set the firewall to block all traffic that's not listed in a rule.
By doing so you will need to write rules for all the traffic that you want to be allowed.
I thank you.