allowing / denying traffic on a Multihomed server
Updated: 10 Jun 2010 | 1 comment
Hi, I'm in the process of trialing CSP and I'm not sure how I can do this.
I've got a server that is sat on two networks. It's got various security around it, such as access lists on the router/gateway on each side, and the server is configured to allow remote access only to certain users etc., but I need to make it more secure on one network than another, if that makes sense.
On the one side I need RDP, ability to drive map, NTP etc. etc., but on the other network I only want a series of ports to be able to communicate with a single piece of software. Is this level of locking down possible with CSP? All the policies I've created so far appear to cover all subnets / interfaces.
Thanks in advance
Chris
Comments
SCSP policies apply to all NICs that are installed in a protected machine. If you want to write policies that are network specific, you would need to generate firewall rules to take into account the specific subnets. This is by design as we want to ensure any communication methods introduced to the machine are covered.
If NIC specific control is mandatory, SEP has that function for Windows machines.
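A small model of the subnet-keyed rules the comment above describes, added here as an example: it is not SCSP policy syntax or vendor code. The two subnets, ports 8443/8444 and the program name `appsvc.exe` are constructed placeholders for the poster's two networks and single application.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the two networks the server sits on.
MGMT_NET = ipaddress.ip_network("192.0.2.0/24")     # side needing RDP, drive mapping, NTP
APP_NET = ipaddress.ip_network("198.51.100.0/24")   # side limited to one application

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    remote_net: ipaddress.IPv4Network # subnet the peer must be in
    proto: str                        # "tcp" or "udp"
    ports: frozenset                  # local ports the rule covers
    program: Optional[str] = None     # None matches any listening program

# Hypothetical rule set; the same list is evaluated for traffic on every NIC.
RULES = [
    Rule("allow", MGMT_NET, "tcp", frozenset({3389, 445})),  # RDP, SMB drive mapping
    Rule("allow", MGMT_NET, "udp", frozenset({123})),        # NTP
    Rule("allow", APP_NET, "tcp", frozenset({8443, 8444}), "appsvc.exe"),
]

def decide(remote_ip, proto, local_port, program):
    """First matching rule wins; anything unmatched is denied."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in RULES:
        if addr not in rule.remote_net:
            continue
        if proto != rule.proto or local_port not in rule.ports:
            continue
        if rule.program is not None and program.lower() != rule.program:
            continue
        return rule.action
    return "deny"

if __name__ == "__main__":
    # Constructed inbound connection attempts.
    for attempt in [
        ("192.0.2.10", "tcp", 3389, "svchost.exe"),    # RDP from management side
        ("198.51.100.7", "tcp", 3389, "svchost.exe"),  # RDP from application side
        ("198.51.100.7", "tcp", 8443, "appsvc.exe"),   # application port, right program
        ("198.51.100.7", "tcp", 8443, "other.exe"),    # application port, wrong program
        ("203.0.113.5", "tcp", 445, "System"),         # peer outside both subnets
    ]:
        print(attempt, "->", decide(*attempt))
```

Because the rules match on the peer's subnet rather than the interface, traffic that arrives through a gateway with a source address outside both subnets falls through to the default deny.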