Specific inbound IP exceptions
Created: 07 Aug 2012 | 4 comments
Thanks for your help.
We use Endpoint Protection Small Business to manage the server and workstations at our office.
The server needs to have a specific port open to all LAN users, and to WAN traffic from one specific IP address.
Getting it open to all was easy enough, and opening it up to all WAN traffic was easy enough, but it is not obvious to me how I can restrict the WAN traffic to a single IP address (or a list of specific IP addresses).
Could anyone either show me how to do this or point me to the relevant section of the documentation? I can't seem to find it.
hi,
Check this forum thread; it may help.
https://www-secure.symantec.com/connect/forums/firewall-exception-managed-client
Thanks In Advance.
Manish
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Hello,
I am still confused whether you want the WAN traffic to be allowed only for a particular computer or you want a particular WAN traffic on all the computers.
If you want the WAN traffic to be allowed only for a specific computer, then while creating the firewall rule you get the below option where you can mention the IP list: (Check the IP image)
Please let me know if it is the other way around.. :)
-- Cheers--
I would like the port to be open on the server to:
All local (LAN) computers.
One specific WAN IP address (remote administrator).
The port should be closed to all other WAN access.
Thanks....
Two solutions:
Solution 1:
Create a firewall rule to block all the WAN traffic for all other hosts.
Then
Create an IPS policy to allow the particular set of hosts.
Go to SEPM --> Policy tab --> IPS policy --> Settings --> Excluded hosts and provide the IP range of your (LAN) computers and the one specific WAN IP address (remote administrator).
So the port should be closed to all other WAN access except the excluded hosts.
Or:
Solution 2:
First rule:
Create a firewall rule to allow all the WAN traffic for your (LAN) computers and the one specific WAN IP address (remote administrator).
Second rule:
Create a firewall rule to block all the WAN traffic for all other hosts.
The first rule in the stack gets high priority, and then it processes the second rule. So the port should be closed to all other WAN access except the excluded hosts.
Idea behind this document:
How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients
http://www.symantec.com/docs/TECH92097
Hope this helps..................................
Mohan Babu
moglie20@gmail.com
+91 9884382160
Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue, please mark it accordingly :)
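The rule ordering described in Solution 2, modeled as an added example (not part of the original replies and not Symantec's code): a top-down, first-match evaluator that checks a rule stack against the three requirements stated in the thread. The LAN range, administrator address and port are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (assumptions, not from the thread).
LAN = "192.168.1.0/24"
ADMIN_WAN_IP = "203.0.113.10/32"   # RFC 5737 documentation address
SERVICE_PORT = 8443

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "block"
    sources: tuple   # CIDR strings; ("0.0.0.0/0",) means any host
    port: int

def evaluate(rules, src_ip, port, default="block"):
    """Return the action of the first rule matching src_ip and port (top-down)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_scope = any(addr in ipaddress.ip_network(n) for n in rule.sources)
        if rule.port == port and in_scope:
            return rule.action
    return default

ALLOW_KNOWN = Rule("allow", (LAN, ADMIN_WAN_IP), SERVICE_PORT)
BLOCK_REST = Rule("block", ("0.0.0.0/0",), SERVICE_PORT)

def audit(rules):
    """Probe one host per requirement and report whether the stack meets it."""
    probes = {
        "192.168.1.57": "allow",    # LAN workstation
        "203.0.113.10": "allow",    # remote administrator
        "198.51.100.23": "block",   # any other WAN host
    }
    return {ip: evaluate(rules, ip, SERVICE_PORT) == want
            for ip, want in probes.items()}

if __name__ == "__main__":
    # Allow rule above the block rule: all three requirements hold.
    print("allow-then-block:", audit([ALLOW_KNOWN, BLOCK_REST]))
    # Reversed order: the catch-all block matches first and locks everyone out.
    print("block-then-allow:", audit([BLOCK_REST, ALLOW_KNOWN]))
```

Running the same probes after every policy change catches a rule that was moved below the catch-all block or an allow list that was widened by mistake.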