
symantec firewall rules

Created: 27 Jul 2013 • Updated: 27 Jul 2013 | 5 comments
abhi1983's picture

If we have to allow all traffic within the corporate network, would this rule work if it is placed at the top of all rules in the firewall policy?

HOST

LOCAL: any

REMOTE: DNS DOMAIN NAME = ABCD.COM

APPLICATION: ANY

SERVICE: ALL

ACTION: ALLOW

Will this rule allow all traffic within a company network if the machine is part of the domain?

 

 

 

 


.Brian's picture

You can also set remote to any as well but yes it should work. Or set local/remote to whatever your internal IP structure is.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

AjinBabu's picture

Hi,

Allowing traffic to or from a specific server

To allow traffic to or from a specific server, you can allow the traffic by IP address rather than by domain name or host name. Otherwise, the user may be able to access the IP address equivalent of the host name.

To allow traffic to or from a specific server

1.    In the console, open a Firewall policy.

2.    On the Firewall Policy page, click Rules.

3.    On the Rules tab, in the Rules list, select the rule you want to edit, right-click the Host field, and then click Edit.

4.    In the Host List dialog box, do one of the following actions:

·         Click Source/Destination.

·         Click Local/Remote.

5.    Do one of the following tasks:

To select a host type from the Type drop-down list

Do all of the following tasks:

·         In the Source and Destination or Local and Remote tables, click Add.

·         In the Host dialog box, select a host type from the Type drop-down list, and type the appropriate information for each host type.

·         Click OK.

The host that you created is automatically enabled.

To select a host group

In the Host List dialog box, do one of the following actions:

·         Click Source/Destination.

·         Click Local/Remote.

Then in the Host List dialog box, check the box in the Enabled column for any host group that you want to add to the rule.

6.    Add additional hosts, if necessary.

7.    Click OK to return to the Rules list.

Regards

Ajin

abhi1983's picture

Hi Brian, if we add any in remote also, would it not allow all IP traffic which is outside the corporate network also?

.Brian's picture

Depending on what your internal IP address scheme is, you can set local/remote like:

10.0.0.0/8 - 10.255.255.255/8


pete_4u2002's picture

If internet access is allowed on the client then yes, any will connect to the outside world.

The above rules should work; test on a small set of machines.
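
The difference between the two Remote settings discussed in this thread (any versus the internal range 10.0.0.0/8), as an added example that is not part of any poster's reply and is not Symantec's rule engine. It assumes a simplified first-match model that looks only at the remote address; the rule names and sample peer addresses are constructed.

```python
import ipaddress

# Simplified first-match model (an assumption for illustration; this is not
# Symantec Endpoint Protection's engine or policy format).
def make_rule(name, remote, action):
    return {"name": name, "remote": ipaddress.ip_network(remote), "action": action}

def evaluate(rules, remote_ip):
    """Return (action, rule name) of the first rule whose remote host matches."""
    addr = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if addr in rule["remote"]:
            return rule["action"], rule["name"]
    return "BLOCK", "implicit-default"  # assumed default when nothing matches

def shadowed_rules(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [r["name"] for i, r in enumerate(rules)
            if any(r["remote"].subnet_of(e["remote"]) for e in rules[:i])]

# Constructed rules that sit below the top rule in both policies.
LOWER_RULES = [
    make_rule("block-test-net", "203.0.113.0/24", "BLOCK"),
    make_rule("block-everything-else", "0.0.0.0/0", "BLOCK"),
]

# Top rule with Remote = any, versus Remote = the internal range.
POLICY_ANY = [make_rule("allow-top-any", "0.0.0.0/0", "ALLOW")] + LOWER_RULES
POLICY_SCOPED = [make_rule("allow-top-internal", "10.0.0.0/8", "ALLOW")] + LOWER_RULES

# Constructed peers: two internal, two from documentation (external) ranges.
SAMPLE_PEERS = ["10.1.2.3", "10.200.0.9", "203.0.113.7", "198.51.100.20"]

def allowed_peers(rules, peers=SAMPLE_PEERS):
    """Peers for which the first matching rule is ALLOW."""
    return [p for p in peers if evaluate(rules, p)[0] == "ALLOW"]

if __name__ == "__main__":
    for label, policy in (("remote=any", POLICY_ANY),
                          ("remote=10.0.0.0/8", POLICY_SCOPED)):
        print(label)
        print("  allowed peers :", allowed_peers(policy))
        print("  shadowed rules:", shadowed_rules(policy))
```

With Remote set to any, every rule below the top rule is shadowed and the external peers are allowed; scoped to the internal range, the lower block rules still apply.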