Location aware groups will help you with this.
- Location aware groups will allow you to apply firewall rules only to a specific matching adapter (when on the LAN allow all traffic).
- Within a Location aware group, Connection Isolation will help you block all traffic on non-matching adapters (when on the LAN, block traffic on all other network adapters).
See page 55 of: PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide.
You don't need to have an "Off domain" policy. With a Location aware group, you apply a ruleset when the system is on an "approved" network. If it doesn't match that Location aware group, then the rest of the firewall rule policy will apply (e.g., allow no/limited traffic).
Thanks, I will make an "On Domain" location requiring the ePO server to be available, and using the Domain's DNS suffix, and move the "Off Domain" rules out of that group and delete the second location.
But after some time (e.g., 10 minutes) connecting to a router at home, my Test-Notebook gets an IP from my router and all works fine to surf the Internet through my home-ISP. Any suggestions to that behavior?