mjanowsky
Level 7

EPO Host intrusion prevention notebook offline

Hi Group,

I am looking for a solution with host intrusion prevention.

My question:
Is it possible, when you have host intrusion prevention installed, that the firewall is disabled when the client is connected to the domain?

We need this setting for our notebooks. When the notebooks are connected to our domain, we don't want the firewall to be activated.
When the user goes out of the office, the firewall should be activated.

I know that it's possible with the Windows firewall managed by group policies.

Thanks for all answers
0 Kudos
3 Replies
gaetan.leroy
Level 7

Re: EPO Host intrusion prevention notebook offline

Hi,

Yes, you just have to create a group policy in your firewall rules.

This group policy can recognize your domain using DNS suffix, DNS, ...

Create a rule in this group policy with all IP traffic authorized.

Regards

Gaëtan

0 Kudos
bperez
Level 10

Re: EPO Host intrusion prevention notebook offline

Also, you can use a rule based on your LAN IP segment or add it to trusted networks.

0 Kudos
petersimmons
Level 12

Re: EPO Host intrusion prevention notebook offline

Yes, you can actually create what we term "Connection Aware Groups". You can use multiple sets of criteria in the creation of them including DNS suffix (the one assigned -- not the search order), IP range, DNS servers and a few other bits.

From there you can create a policy that allows or restricts traffic as you desire.

Realize that CAGs should be treated as whole firewall policies. And that you need some non-CAG rules to start to always allow basics (DHCP, DNS and a couple others). Please look for the firewall policy called "Typical Corporate Sample". Use it as a baseline for what you're trying to do. That was my intent when I wrote them.

0 Kudos