From time to time, a requirement comes down the pipeline in which a machine with a "special" purpose needs to be connected to the internal network. The requirements are as follows:
- No ability to "ping" the machine
- No inbound traffic allowed
- Only one IP address is allowed to reach the machine on TCP port 3389 (RDP) for remote administration
Meeting the above requirements can be accomplished using the Symantec Endpoint Protection (SEP) firewall. For the purpose of this article, I'm using SEP 12.1 RU3.
Here's a screenshot of the three firewall rules created to accomplish our goal:
To test the first rule, Block Ping, we can verify the block with a simple Nmap scan:
The Traffic log from the SEP firewall also verifies the ping attempt is blocked:
Next, we can test the second rule, Allow Remote Administration, by opening an RDP session to the machine from the allowed IP address. The Traffic log from the SEP firewall also confirms this is working:
Now, I did an Nmap scan from the allowed IP address to confirm port 3389 is open, which it is:
I also did an Nmap scan from a disallowed IP address to confirm port 3389 is closed, which it is:
Lastly, we can test the third rule, Block Incoming Traffic, by attempting to connect to a share on the machine. Access is denied:
The Traffic log from the SEP firewall also confirms the block was successful:
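To make the interaction between the three rules explicit, here is an added example (not SEP configuration, and not from the original article) that models the rule set as an ordered, first-match list and re-runs the four checks above against it. It assumes SEP evaluates rules top-down with the first match winning, and uses placeholder TEST-NET addresses for the allowed admin host and the disallowed host.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed placeholder for the one IP allowed to RDP in (TEST-NET-1 range).
ADMIN_HOST = ip_network("192.0.2.10/32")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "block"
    proto: Optional[str]      # "icmp", "tcp", "udp", or None for any protocol
    dst_port: Optional[int]   # None matches any destination port
    src: Optional[object]     # ip_network, or None for any source address

# The three rules from the article, in the order they appear in the rule list.
RULES = [
    Rule("Block Ping", "block", "icmp", None, None),
    Rule("Allow Remote Administration", "allow", "tcp", 3389, ADMIN_HOST),
    Rule("Block Incoming Traffic", "block", None, None, None),
]

def evaluate(rules, src_ip, proto, dst_port=None):
    """Return (action, rule name) for one inbound packet; first matching rule wins.
    Assumption: an unmatched packet is blocked (implicit deny)."""
    src = ip_address(src_ip)
    for r in rules:
        if r.proto is not None and r.proto != proto:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        if r.src is not None and src not in r.src:
            continue
        return r.action, r.name
    return "block", "implicit deny"

def verify(rules):
    """Replay the article's four checks; returns {check name: passed}."""
    return {
        "ping blocked":           evaluate(rules, "192.0.2.77", "icmp")[0] == "block",
        "rdp from admin allowed": evaluate(rules, "192.0.2.10", "tcp", 3389)[0] == "allow",
        "rdp from other blocked": evaluate(rules, "192.0.2.77", "tcp", 3389)[0] == "block",
        "smb share blocked":      evaluate(rules, "192.0.2.10", "tcp", 445)[0] == "block",
    }

if __name__ == "__main__":
    for name, ok in verify(RULES).items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
    # Order matters: with the catch-all block moved to the top, admin RDP is lost too.
    misordered = [RULES[2], RULES[0], RULES[1]]
    print("misordered rdp:", evaluate(misordered, "192.0.2.10", "tcp", 3389))
```

The misordered case is the one to watch for when editing the policy later: a catch-all block placed above the allow rule silently removes the administrative access the rule set was meant to preserve.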
The SEP firewall is a great tool and has endless possibilities for controlling traffic on your network. The aim of this article was to give you a small snapshot into what is possible using the firewall. I hope this is helpful to you. Please feel free to leave feedback, whether positive or negative.