Ok, Im still in learning phases of HIPS firewall, but for the life of me I cannot get something to work. What I would like to accomplish in testing phase is to basically have the firewall turned on but allow all traffic through except for individual things I want to block. for example I would like to block any communication to a single ip address from any protocol, but all other traffic is allowed. So I set up the policy with an allow any/any rule and then a rule to block the individual ip address. I have verified the policy is applied to the host but i can still ping the ip, go to the ip in a browser, telnet to it, etc. Can anyone give me some advice as to what is happening? Here are some screenshots
Image 1 is my rule to block any communication to an IP
Image 2 is the rule to allow all other communication
Remove the Local Network object; you do not have to define where the traffic is coming from for an Outbound packet. Just define the Remote IP address.