I am trying to create a HIPS policy, please help.
My requirements are as below:
1) Traffic needs to be allowed to trusted networks when in the office
2) Specific traffic/rules need to be allowed in VPN
3) Allow traffic for hotspot registration
4) Allow some traffic and block all other traffic in other locations.
And I am also confused about the connection isolation option.
I am not able to create one all-in-one rule, for ex: allow traffic from source x to destination y, ports: TCP A,B UDP C - does this need to be done using a group of rules???
Thanks in Advance!!!
1.) Create 1 Trusted Networks policy. Put your office subnet into this policy.
2.) Create a Firewall Rules Policy. In this policy, put a Connection Isolation Group. Define your office subnet in this Connection Isolation Group; use something common, like a DNS server address, DHCP server address, etc. In the Network Options section, define your office network subnets. Once a system matches this criteria in its TCP/IP settings, it will receive the rules that are within the Connection Isolation Group.
3.) Add a Firewall Rule inside your Connection Isolation Group. In this rule, create a description, select "Allow", then in the "Network Options" tab, select "Add from Catalog", then select "Trusted Networks".
Essentially, what steps 2 and 3 are doing is creating a condition. If your user is at the office (or VPN'ed in), they are going to allow traffic from the networks defined in your "trusted networks" list.
4.) If you wanted to create special rules for users who are VPN'ed in, create another Connection Isolation Group above the first one I explained. In this group, make your Connection Isolation Criteria your VPN IP range. In this group, create the rules that you want specifically applied to VPN users.
Sounds like you have some other requirements, but through creative use of groups, you can likely get something to work to fit your needs.
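To make the ordering logic in the answer concrete (VPN group above the office group, adapter criteria such as subnet plus DNS server deciding which group applies, and an implicit block for anything a matched group does not allow), here is an added Python model. It is not McAfee's engine and not code from this thread; the subnets, the DNS address, the ports and the simplified isolation semantics are all constructed assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    action: str                                      # "Allow" or "Block"
    remote_nets: list = field(default_factory=list)  # CIDRs; empty = any host
    ports: set = field(default_factory=set)          # dst ports; empty = any port

    def matches(self, dst_ip, dst_port):
        net_ok = not self.remote_nets or any(
            dst_ip in ipaddress.ip_network(n) for n in self.remote_nets)
        return net_ok and (not self.ports or dst_port in self.ports)

@dataclass
class IsolationGroup:
    name: str
    criteria_subnets: list       # adapter IP must fall in one of these
    dns_server: str = None       # optional extra criterion, as the answer suggests
    rules: list = field(default_factory=list)

    def adapter_matches(self, adapter):
        ip = ipaddress.ip_address(adapter["ip"])
        in_net = any(ip in ipaddress.ip_network(n) for n in self.criteria_subnets)
        return in_net and (self.dns_server is None or adapter.get("dns") == self.dns_server)

# Constructed sample addresses (assumptions, not from the thread).
TRUSTED = ["10.10.0.0/16"]
GROUPS = [  # order matters: the VPN group sits above the office group
    IsolationGroup("VPN", ["172.16.50.0/24"],
                   rules=[Rule("VPN to intranet", "Allow", ["10.10.20.0/24"], {443})]),
    IsolationGroup("Office", ["10.10.0.0/16"], dns_server="10.10.1.53",
                   rules=[Rule("Trusted Networks", "Allow", TRUSTED)]),
]
DEFAULT_RULES = [Rule("Hotspot registration", "Allow", ports={80, 443})]

def evaluate(adapter, dst, port, groups=GROUPS, default_rules=DEFAULT_RULES):
    """Top to bottom: the first group whose criteria the adapter meets owns the
    decision, and anything not explicitly allowed inside it is blocked (the
    isolation effect). With no matching group, the ordinary rule list applies,
    ending in an implicit block."""
    dst_ip = ipaddress.ip_address(dst)
    for g in groups:
        if g.adapter_matches(adapter):
            for r in g.rules:
                if r.matches(dst_ip, port):
                    return g.name, r.action
            return g.name, "Block"
    for r in default_rules:
        if r.matches(dst_ip, port):
            return "default", r.action
    return "default", "Block"
```

An office adapter whose DNS server does not match the group criterion falls through to the ordinary rules, which is the kind of mismatch worth checking first when a group seems to be ignored.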