3 Replies Latest reply on May 1, 2017 5:55 PM by johnmoe

    QUARANTINE policy with NAS

    j.brook

      Hello,

       

      I am wanting to configure a firewall rules policy which blocks access to everything except the ePO (for DAT updates and so I can kick off scans etc).

      I have gotten pretty close, but the end machine still has access to our NAS. 

       

      Any ideas?

       

       

      Regards,

       

      Joe

        • 1. Re: QUARANTINE policy with NAS
          Daniel_S

          Well if you really block everything except ePO how are they able to talk to antoher IP-Adress.

          How is your current configuration looking?

          How about DNS and all the AD stuff in your network? Not needed?

           

          If you really want what you write then it´s: IP-Adress-EPO + Ports needed for communication.

          Everything else: block

           

          How are your endpoints accessing your nas? and how do you tell that your firewall rules do not work correctly?

          • 2. Re: QUARANTINE policy with NAS
            j.brook

            I'm not sure I understand your response.

             

            To clarify - I have managed to achieve the goal of blocking everything, except NAS access.

             

            They access the NAS using mapped shared drives, or by entering the location directly \\NAS\_____

            • 3. Re: QUARANTINE policy with NAS
              johnmoe

              What Daniel_S is getting at is, what you're describing (block all but ePO) is simple to achieve.  Create a new firewall rule policy, allow the IP address of your ePO server and the ports it needs, and then put a block any any under that, and you're done.  However, then it won't talk to the Internet.  Or DNS.  Or Active Directory.  Or anything.

               

              However, if you have it blocking everything *that you want*, except for your NAS, then we'd need to know more about how clients are accessing the NAS, and what rules are already in place.  Easiest case is you create a block rule for the IP address of the NAS in the destination.  If there are other things on the NAS they need to access, then we'd need to know what those things are, and what port they access thing on the NAS with.