2 Replies Latest reply on Oct 24, 2008 3:47 AM by ffazzi

    Suggestions for a rule

    ffazzi
      Hi everybody, I am very new to the HIPS world an to this forum. I would like to create a Policy that allow the PC to make traffic just on our net and just using VPN. I see that a VPN rule is done, what about allow the computer to run just on our private network (172....). thank you very much. :).null F.
        • 1. RE: Suggestions for a rule
          woodsjw
          If I understand your question, you'll want to create a Connection Aware rule group in your firewall policy. Configure it to identify your internal network subnet + DNS server, DHCP server, WINS Server, DNS Suffix, etc.... and then add whatever 'Allow' rules you want into it. Those rules will only be applied when the device is connected internally.

          Additionally, you'll likely need to create rules outside the connection aware group to allow the necessary traffic to establish the VPN connection. Finally at the bottom of the firewall rules you can add an explicit 'Block All' rule if you like (shouldn't be necessary but makes some people feel better). The firewall validates traffic against firewall rules from top to bottom in the firewall policy so keep that in mind when you're setting the order of the rules.
          • 2. RE: Suggestions for a rule
            ffazzi
            Thank you woodsjw. Nice suggestion! happy F.