4 Replies Latest reply on Apr 15, 2011 3:03 PM by georgec

    Issue with fqdn?

      Hi,

       

      Does somebody have experience with the host IPS 8.0 and Firewall-Rules using the FQDN?

       

      Is there a known issue?

       

      If I create a rule with an IP-address --> Everything is working fine.

       

      If I use the FQDN from my domain. --> No match to my rule.

       

      But I need this selector to separate if the user is @home or in the office (domain).

       

      Situation:

       

      The user is in the office --> Allow all.

      The user is at home (no VPN) --> Use the default ruleset.

       

      My first rule is:

       

      1. FQDN mydomain.example --> allow all

      2. Default ruleset if the pc is not in the domain.

       

      But the first rule never matches. I'm in the domain :-(

       

      Does anybody have a solution or a workaround for this issue?

       

      Thank you in advance.

       

      Kind regards

       

      Michael

        • 1. Re: Issue with fqdn?

          Hi,

           

          Can you please check the domain name again and try to ping?

           

          Please revert for more queries.

           

          Gaurav Sahni

          • 2. Re: Issue with fqdn?
            Kary Tankink

            FQDN firewall rules allow traffic to/from that specific FQDN host (for which the Host IPS product has to do a reverse-DNS lookup for the IP address).

             

             

            Situation:

             

            The user is in the office --> Allow all.

            The user is at home (no VPN) --> Use the default ruleset.

             

            From the "Situation" you stated, you want to configure Location Aware Groups (LAGs) that will determine if the user is in the office or at home.  Inside the "In office" LAG, you'll create firewall rules to "Allow all".  Otherwise, if the user is in any other location, they will only be able to use the non-LAG ruleset (which you can then limit to only certain resources).

             

            Page 55 of PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide

            • 3. Re: Issue with fqdn?

              Hi,

               

              The domain name is correct and I can ping domain.example. Is this what you mean?

               

              There are 5 DCs which are trusted. Maybe this is worth mentioning?

               

              Thank you in advance

              • 4. Re: Issue with fqdn?
                georgec

                Install HIPS 7.0, I tried 8.0 but it's too darn buggy