Smart way to create and manage Firewall policies / rules in multiple remote sites ?

Hello everybody,

I plan to use HIPS + FW for my remote DCs. But I can't figure out how to solve this problem:

Theoretically, at a remote site there are 20 PCs + DC. I want to control and manage Windows RPC actions (Port 137-139) between these machines. I plan to create a rule like: only allow RPC traffic from local site (x.x.x.x network).

IMO the simplest way to do that is to create a policy for each remote site and assign it to its site. But that means a lot of policies, and I want to create and manage the minimum number of firewall policies and rules.

Is there a better and smarter way to do that with a minimum number of policies?

Thank you anyway.

0 Kudos
1 Reply
RRMX
Level 7

Re: Smart way to create and manage Firewall policies / rules in multiple remote sites ?

I can think of a couple options off the top of my head:

  • You can add all of your DCs into a single Trusted Networks policy, and then create one Firewall Rules policy that includes a rule that allows all IP from Trusted...
  • But this is dependent on whether you want machines in location X to allow connections from the DCs in all the other locations.

Or...

  • Create one Firewall Rules policy, and make a Connection-Aware Group for each location, then create a rule in each CAG that allows incoming connections from the proper DC.
  • Not sure how many locations you have though... this may be somewhat difficult to manage.

Option A would be the easiest to manage I think, but option B would make it a bit more locked-down.

0 Kudos
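To make the trade-off in the reply concrete, here is an added model (not McAfee HIPS configuration or any product API) of the two designs: option A, one Trusted Networks list holding every DC plus one "allow from Trusted" rule, versus option B, one rules policy with a Connection-Aware Group per location that only admits that location's DC. The site addressing and DC addresses below are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed sample sites (hypothetical addressing, not from the thread).
SITES = {
    "siteA": {"net": ip_network("10.1.0.0/24"), "dc": ip_address("10.1.0.10")},
    "siteB": {"net": ip_network("10.2.0.0/24"), "dc": ip_address("10.2.0.10")},
}
RPC_PORTS = range(137, 140)  # the 137-139 range the question wants to control


def option_a_allows(src, dst, port):
    """Option A: every DC sits in one Trusted Networks list and a single rule
    allows all IP from Trusted, so a DC from ANY site is accepted everywhere."""
    if port not in RPC_PORTS:
        return True  # only the RPC port range is restricted in this model
    trusted = {site["dc"] for site in SITES.values()}
    return ip_address(src) in trusted


def option_b_allows(src, dst, port):
    """Option B: one rules policy with a Connection-Aware Group per location;
    the CAG matching the host's own subnet admits only that site's DC."""
    if port not in RPC_PORTS:
        return True
    src, dst = ip_address(src), ip_address(dst)
    for site in SITES.values():
        if dst in site["net"]:  # CAG selected by the receiving host's network
            return src == site["dc"]
    return False  # host belongs to no known location: deny by default


def compare(src, dst, port):
    """Evaluate one inbound connection under both designs."""
    return {"A": option_a_allows(src, dst, port),
            "B": option_b_allows(src, dst, port)}


if __name__ == "__main__":
    # Local DC, cross-site DC, and a peer workstation, all on port 139.
    for src in ("10.1.0.10", "10.2.0.10", "10.1.0.50"):
        print(src, "->", "10.1.0.25:139", compare(src, "10.1.0.25", 139))
```

The cross-site case is the one the reply flags: option A admits a DC from another location, option B does not, while both designs still block workstation-to-workstation RPC.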