
Fine Tuning Network Quarantine

Hi guys,

I still have an issue with the network quarantine. In my case I need to permit access to a private laboratory network in case the definitions are not updated.

The network is 169.254.0.0/16.

 

I have changed the Internet shield 8 settings of the client, editing under rule --> security level --> network quarantine and adding at the top the specific rule Allow --> all IP traffic <-> 169254.0.0/16

 

It seems that the client, when the definitions are not updated, still continues to block the network.

Could anyone help me?

Thanks

 

Comments

  • MJ-perComp Posts: 1,098 Superuser

    THAT is a very weird setup.

    If a system gets an address 169.254.x.x it means it has no connectivity to DHCP or no connectivity at all.
    But the "Quarantine" ruleset will always allow the system to obtain a DHCP address, regardless of its protection status. Addresses in that range are not routable, must not be forwarded and are prone to address collision (see: https://tools.ietf.org/html/rfc3927)

     

    So what is your idea of allowing that range? Any such implementation should not be needed.

     

    As the rule you created looks fine, did it really arrive at the host? Is it active?

This discussion has been closed.