Firewall rule with dynamic specified remote host

haggis
haggis MyAccount Posts: 3 Security Scout

I need to make a firewall rule in Policy Manager (10) that allows traffic to a host named computername.

Now I have to make that rule for every machine individually and it takes very much time.

 

E.g. I have to make a rule that allows traffic to remote host computer1 for computer1

and a rule that allows traffic to remote host computer2 for computer2 and so on...

 

So I'm asking you: is there any possibility to make a rule that has a dynamic remote host with some kind of variable?

E.g. a rule that allows traffic to remote host <computername>.domain.com and replaces <computername> with the local computer name on the local machine?

 

Br

haggis

Comments

  • Siltanen
    Siltanen Posts: 47 Digital Defender

    Hello haggis,

     

    Our firewall doesn't have support for any variables like that. The only "variable" (if you will) we have is basically "My network", which applies to the ruleset inside the current subnet range in the network where the workstation is connected.

     

    Could you open up the use case a bit more though? I am not sure I got it correctly, but can't you just create the rule based on the host initiating the connection (in other words: remote host)?

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

     

    The standard is that ALL outbound traffic is allowed. So you do not need a rule on C2, C3, C4...

    You only need a rule on C2, C3, C4 to allow inbound traffic from C1!

     

    BR

     

  • suntattood
    suntattood MyAccount Posts: 14 Security Scout

    It means that all traffic will lead into just a single remote host, right?

  • haggis
    haggis MyAccount Posts: 3 Security Scout

    Well, but the default in our environment is that everything is blocked and we allow only a few connections.

     

    That's why variables could be very nice.

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

    Your idea of using local firewalls does not seem to bring you any security benefit!

     

    But maybe I have still not understood the idea, so please post a complete ruleset here.

     

    BR

  • haggis
    haggis MyAccount Posts: 3 Security Scout

    The idea is that all the connections in and out from the client are blocked by default. Then we allow a few connections, and the connection from computer1 to computer1 is one of the allowed connections.

     

    I hope this helped you. I can't post the complete rule set because of our security orders :/

     

    Our network is offline, so that's why our rules could be a little bit weird.

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    Hi,

     

    Then I recommend using an empty ruleset that has only a "Deny all".

    Use Application control and set it to deny any unknown application.

    Add the well-known applications to the Application control rules.

    Applications listed there will be granted access because they are handled right before the Deny all.

    For Windows services you want to block (because they are whitelisted) you need to add an additional rule.

     

    BR

     

This discussion has been closed.
