falkowich New Member

Hi, The support fsdiag.zip » base/settings.txt were text instead of oid's. Thanks for the help! -- Regards Falk

Hi Vad, The export was taken from a Policy Manager 15.11 and the policyexport was for Client Security for Windows 15.11. -- Regards Falk

Hi Mj-perComp, Thanks for the detailed answer. > Your 4 meta-rules are pretty common, > but based on an old interpretation of a port/packet based firewall design. > Since over 10 years firewalls are deisgned "statefull". Tru, I come from network side of things :) But now I know what direction we can take with this. Going…

@tonke wrote: Hello Falk, you could block unknown connections. So you don't not need explicit deny rules. Best regards, Tonke Hello Tonke, With our drop rules we want to stop lateral movement if a client is compromised. In this example, are a client in the same AD an unknown connection? -- Regards Falk

@jamesch wrote: Hi falkowich New V14 firewall rules have different priority now. Block rules are applied first, and all the rest after that. So it will match each rule one by one and finally does the default action, if did not match any rule. Hi, Thanks for the answer @jamesch. But there is no way to set the priority…

Tnx, I "was afraid" of that :) So the most effective way for this setup is a fspms with: - Connection to Internet - Connection to all networks that use AV (ip/portxxxx) ("dedicated AV network") -- Regards Falk