Endpoint Protection

  • 1.  Endpoint Protection Manager Incremental Firewall Policy

    Posted Aug 03, 2015 08:11 AM

    OK so here is the scenario in the clients section inside the SEPM console.

    - My Company (default policy)

      - Server Group A (Web Servers) - TCP/80

      - Server Group B (TACACS servers) - TCP/49

      - etc. etc.

    Is there a way to define a baseline policy at the "My Company" level with, for example, block all inbound except RDP from a specified IP range and SNMP from a single IP?

    Then, at each Server Group level, use the preceding default policy but append application-specific inbound rules.

    It seems that you can copy the preceding policy to a lower folder and add rules, which is OK, but it would be a pain when you need to add a new default service to the default policy, as you'd need to redo each container to absorb the new rule (unless I'm missing something here...).

    I hope this is clear...

    Please feel free to ask questions if you need this clarifying at all.

    regards

    Rob



  • 2.  RE: Endpoint Protection Manager Incremental Firewall Policy

    Posted Aug 03, 2015 12:35 PM

    In essence, each group has a different policy, correct? If so, they need to be treated as three separate policies. Yes, you can make a copy of the baseline policy but you cannot combine policies.



  • 3.  RE: Endpoint Protection Manager Incremental Firewall Policy
    Best Answer

    Posted Aug 03, 2015 01:36 PM

    Yes, it's possible. You can define a baseline firewall policy in My Company and then create a new (non-shared) firewall policy in a subgroup. Now just enable the option Inherit Firewall Rules from Parent Group:

    (screenshot: fw01.png)

    The firewall rules of the parent group will be inserted either above or below the rules of the subgroup, depending on their position above or below the blue line in their ruleset.

    See this article:

    About inherited firewall rules
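
    As an added example, not from the thread or from Symantec, here is a small Python model of the ordering the answer describes: parent rules above the blue line land before the subgroup's own rules, parent rules below it land after. The model assumes first-match evaluation and an implicit block when nothing matches; the rule sets are constructed for the question's scenario.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "block"
    proto: Optional[str] = None    # None matches any protocol
    port: Optional[int] = None     # None matches any port
    src: Optional[str] = None      # CIDR or host; None matches any source

    def matches(self, proto: str, port: int, src_ip: str) -> bool:
        return ((self.proto is None or self.proto == proto)
                and (self.port is None or self.port == port)
                and (self.src is None or ip_address(src_ip) in ip_network(self.src)))


def effective_rules(parent_above: List[Rule], parent_below: List[Rule],
                    child: List[Rule]) -> List[Rule]:
    """Parent rules above the blue line go before the subgroup's rules,
    parent rules below the blue line go after them."""
    return list(parent_above) + list(child) + list(parent_below)


def decide(rules: List[Rule], proto: str, port: int, src_ip: str) -> Tuple[str, str]:
    """First-match evaluation (assumption); no match is treated as block."""
    for r in rules:
        if r.matches(proto, port, src_ip):
            return r.action, r.name
    return "block", "implicit-default"


# Constructed baseline for "My Company": the catch-all block sits BELOW the blue line.
BASELINE_ABOVE = [
    Rule("allow RDP from admin range", "allow", "tcp", 3389, "10.0.0.0/24"),
    Rule("allow SNMP from monitor", "allow", "udp", 161, "10.0.1.5/32"),
]
BASELINE_BELOW = [Rule("block all other inbound", "block")]
# Constructed subgroup policy for Server Group A (Web Servers).
WEB_SERVERS = [Rule("allow HTTP", "allow", "tcp", 80, "0.0.0.0/0")]


def web_server_decisions() -> dict:
    rules = effective_rules(BASELINE_ABOVE, BASELINE_BELOW, WEB_SERVERS)
    return {"http": decide(rules, "tcp", 80, "198.51.100.7")[0],
            "rdp_ok": decide(rules, "tcp", 3389, "10.0.0.20")[0],
            "rdp_bad": decide(rules, "tcp", 3389, "203.0.113.9")[0],
            "tacacs": decide(rules, "tcp", 49, "10.0.0.20")[0]}


def misplaced_block_decision() -> str:
    # Same baseline with the catch-all block ABOVE the blue line: the subgroup's
    # HTTP allow rule is shadowed and never reached.
    rules = effective_rules(BASELINE_ABOVE + BASELINE_BELOW, [], WEB_SERVERS)
    return decide(rules, "tcp", 80, "198.51.100.7")[0]
```

    The second function shows why the baseline's catch-all block belongs below the blue line: placed above it, it shadows every rule a subgroup appends.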



  • 4.  RE: Endpoint Protection Manager Incremental Firewall Policy

    Posted Aug 05, 2015 08:43 AM

    Thanks Greg, that is spot on... The key is setting it non-shared, as a shared policy greys out the inherit option.

    Nice and simple thanks....

    Brian - Certified incorrect in this instance :P

    Appreciate the responses guys... 



  • 5.  RE: Endpoint Protection Manager Incremental Firewall Policy

    Posted Aug 05, 2015 08:46 AM

    Thanks for calling me out. Appreciate it.