Policy Manager 14 Firewall

Thomasvr
Thomasvr W/ Alumni Posts: 18 Security Scout

Hello,


I'm configuring a firewall profile for my endpoint clients (v14.10).

I know that there is no order anymore in this firewall version, so 1 is not validated before 2 (which is strange for firewall rules).

I read somewhere that if you have a rule that allows something specific and a general rule that blocks everything, the specific (allow) rule applies.

However, I would like to block a certain protocol in my network, but the client should still be able to use that protocol to some IP addresses.

So I have 2 rules: one that allows the protocol to that IP address and one that blocks everything.

And this does not work. I see in the log on the client device that the block rule blocks the connection to that specific IP over that protocol.


Any help?

Comments

  • MonikaL
    MonikaL W/ Alumni Posts: 206 W/ Former Staff

    Hi Thomasvr,


    There should be different rules for inbound and outbound.
    For inbound, it should be enough to add only an allow rule for customer IPs. All the rest should be blocked by default.
    For outbound, you need to create 2 rules: one to block all IPs for a specific protocol, and one to allow specific IPs for it. It is also possible to have only one block rule with specified IP ranges which do not include the required IPs.


    Regards,
    Monika

  • tom1855
    tom1855 W/ Alumni Posts: 7 Security Scout

    Hi,

    I added a rule to authorize the RDP protocol from a specific subnet, and after it I added another rule to block RDP from any IP.

    I lost the connection even from the authorized subnet.

    How do I do it?

    Best regards

  • tom1855
    tom1855 W/ Alumni Posts: 7 Security Scout

    Hi,

    It works.

    I thank you.

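MonikaL's alternative above, a single block rule whose IP ranges leave out the hosts that must keep using the protocol, needs those ranges worked out by hand. The following Python is an added example, not code from the thread or from Policy Manager: the allowed hosts are a constructed sample and the function names are my own.

```python
"""Compute the IP ranges for one outbound block rule that excludes the
hosts which may still use the protocol, so no separate allow rule is
needed. Sample addresses are constructed for illustration only."""
import ipaddress

# Constructed sample (assumption): hosts that may still use the protocol.
ALLOWED_HOSTS = ["10.0.0.5", "10.0.0.6", "192.168.1.0/24"]


def block_ranges(allowed, universe="0.0.0.0/0"):
    """Return the CIDR blocks covering every address in `universe` except
    those in `allowed`, collapsed to the smallest equivalent list.
    These are the ranges to type into the single block rule."""
    keep = [ipaddress.ip_network(a, strict=False) for a in allowed]
    remaining = [ipaddress.ip_network(universe)]
    for net in keep:
        next_remaining = []
        for r in remaining:
            if net.subnet_of(r):
                # Carve the allowed network out of this remaining block
                # (yields nothing when net == r, which drops r entirely).
                next_remaining.extend(r.address_exclude(net))
            elif not r.overlaps(net):
                next_remaining.append(r)
            # Otherwise r lies fully inside an allowed network: drop it.
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def covers(ranges, ip):
    """True if `ip` would be matched (blocked) by the computed ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in r for r in ranges)


if __name__ == "__main__":
    for r in block_ranges(ALLOWED_HOSTS):
        print(r)
```

Check the result against a host that must stay reachable and one that must not before committing the rule, since a typo in the allowed list silently widens the block.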
This discussion has been closed.