3 Replies Latest reply on May 20, 2016 6:44 AM by youngs

    Endpoint 10 Connection Aware Rule for firewall

    johannh

      Hi,

       

      Would it be possible for anyone to assist me with a sample rule that I can import into Endpoint 10 Firewall. I would like a rule that allows all incoming and outgoing connections on the endpoint when the endpoint can see the ePO server. But then another or the same rule that allows only outgoing connections when the endpoint cannot see the ePO server.

       

      Regards,

        • 1. Re: Endpoint 10 Connection Aware Rule for firewall
          youngs

          We use connection-aware type firewall rules and they work great for us... In your case the first question I would have is do you use a ePO agent handler to provide communication when off network?  If you do then only using the requirement for the ePO server to be reachable won't work for when off your network.

           

          If you go under the Host IPS Catalog you need to configure what is called Location groups.   This is where you can set the requirements which one of them is ePO reachable.   We use both DNS IP and DNS Suffix for our requirements.

           

          Scott

          • 2. Re: Endpoint 10 Connection Aware Rule for firewall
            johannh

            Hi Scott,

             

            We are not using agent handlers to the outside of the network, thus the reason for the rule. We would like specific firewall rules when the customer is off the corporate network. We are also not using HIPS anymore but firewall on endpoint 10.

             

            Johann

            • 3. Re: Endpoint 10 Connection Aware Rule for firewall
              youngs

              Hi Johann,   I just took a look and it appears that the firewall wall rules work the same for endpoint 10 or HIPS.   I would suggest duplicating the default rule and then create a new group which at that point you can set the location aware settings.   Attached is picture of the default with a location-aware group and one rule for any any traffic to show you what I am talking about.  All groups that have a location-aware set will be blue in color as well.

               

              So basically anything above the blue location-aware group works when inside or outside network as well as anything below.   Any rule under the location-aware group you would only have when inside network. 

               

              Scott