Firewall rule with dynamic specified remote host

I need to make a firewall rule in Policy Manager (10) that allows trafic to host named computername.

Now I have to do that rule for every machine individually and it takes very much time.

 

E.g I have to make rule that allow trafic to remote host computer1 for computer1

and rule that allow trafic to remote host computer2 for computer2 and so on...

 

So I'm asking you that are there any possibilities to do rule that have dynamic remotehost with some kind of variable?

E.g rule allow traffic to remote host <computername>.domain.com and it replaces <computername> with local computer name on local machine?

 

Br

haggis

Comments

  • SiltanenSiltanen Posts: 108 Former F-Secure Employee

    Hello haggis,

     

    Our firewall doesn't have support for any variables like that. Only "variable" (if you will) we have is basically the "My network" which applies to the ruleset inside the current subnet range in a network where the workstation is connected to.

     

    Could you open up the use case a bit more though? I am not sure I got it correctly, but can't you just create the rule based on host initiating the connection (in other words: remote host)?

  • MJ-perCompMJ-perComp Posts: 1,098 Superuser

    Hi,

     

    the standard is that ALL outbound traffic is allowed. So you do not need a rule on C2, C3 C4...

    you only need a rull on c2,c3,c4 to allow inbound traffic from C1!

     

    BR

     

  • suntattoodsuntattood Posts: 20

    It means that all traffic will lead into just single remote host, right? image

  • haggishaggis Posts: 3

    Well, but default in our environment is that everything is blocked and we allow only few connections.

     

    Thats why variables could be very nice.

  • MJ-perCompMJ-perComp Posts: 1,098 Superuser

    Hi,

    your idea of using local firewalls does not seem bring you any security benefit!

     

    But maybe I have still not understood the idea, so please post a complete ruleset here.

     

    BR

  • haggishaggis Posts: 3

    Idea is that all the connections in and out from client is blocked as default. Then we allow few connections and connection from computer1 to computer1 is one of the allowed connections.

     

    I hope this helped you, I can't post complete rule set because of our security orders:/

     

    Our network is offline, so thats why our rules could be little bit weird.

  • MJ-perCompMJ-perComp Posts: 1,098 Superuser

    Hi,

     

    then I recommend to use an empty ruleset that has only a "Deny all"

    Use Application control and set it to deny any unknown application.

    add the well know aplications to Application control rules.

    Applications listed there will be granted access because they are handled right before the Deny all.

    For windows services you want to block (because they are whitelisted) you need to add an additionl rule.

     

    BR

     

This discussion has been closed.