I plan to use HIPS + FW for my remote DCs. But I can't figure out how to solve this problem:
Theoretically, at a remote site there are 20 PCs + DC. I want to control and manage Windows RPC actions (Port 137-139) between these machines. I plan to create a rule like: only allow RPC traffic from the local site (x.x.x.x network).
IMO the simplest way to do that is to create a policy for each remote site and assign it to its site. But that means a lot of policies, and I want to create and manage a minimum number of firewall policies and rules.
Is there a better and smarter way to do that with a minimum number of policies?
Thank you anyway.
I can think of a couple options off the top of my head:
Option A would be the easiest to manage I think, but option B would make it a bit more locked-down.