Policies to Deny any Connections to Server

IT Infra Lv1 Posted 05 Jun 2024 14:21

Hi, I've been trying to make a new policy for one of our servers. The policy is to deny any connections to the server. After applying it, nothing happens. Any insight? Thanks.

Enrico Vanzetto has solved this question and earned 20 coins.


Enrico Vanzetto Lv4 Posted 05 Jun 2024 17:25

Hi, first you should double-check your policy and check whether there are any policies above it that bypass your newly created policy. After that, go to System -> troubleshooting and try to do a precise traffic analysis, specifying the source IP (of the client you are trying to connect to the server from), and generate some traffic to the server you want to block connections to. You should see the corresponding policy that matches the traffic you made to the server. Keep in mind that if you are trying to connect to the server from the same network segment, the traffic does not pass through the NGAF firewall device (it's lateral movement).
Newbie221001 Lv1 Posted 06 Jun 2024 11:18

Hi, verify again which interface zone the traffic is incoming and outgoing from, and then you can configure it in the application control policies.
fuadmahbubun Lv2 Posted 06 Jun 2024 18:36

Hi, make sure that you have the correct traffic flow, from source zone and source IP address to destination zone and destination address.

Here is an example policy for an RDP server that allows only one IP address and denies all.

[Attached screenshots: policy-rdp.png, rdp-deny.png, rdp-allow.png]
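The two causes raised in the replies above (a policy higher in the list matching first, and same-segment traffic never reaching the firewall), together with the "allow RDP from one IP, deny all" layout, can be reproduced with a small model. This is an added example, not from any poster or from the vendor; it assumes top-down, first-match evaluation, and all policy names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    name: str
    src: str             # source network, CIDR
    dst: str             # destination network, CIDR
    port: Optional[int]  # None means any port
    action: str          # "allow" or "deny"

def evaluate(policies, src_ip, dst_ip, port, server_segment):
    """Return (policy name, action) for one connection attempt.

    Assumes top-down, first-match evaluation (hypothetical model, not vendor code).
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    segment = ipaddress.ip_network(server_segment)
    # Client and server on the same segment: the traffic never reaches the firewall.
    if src in segment and dst in segment:
        return (None, "not inspected")
    for p in policies:
        if (src in ipaddress.ip_network(p.src)
                and dst in ipaddress.ip_network(p.dst)
                and p.port in (None, port)):
            return (p.name, p.action)   # first match wins; later rules are ignored
    return (None, "no match")           # default action depends on the device

# Constructed sample data: server 192.168.10.50 on segment 192.168.10.0/24.
SERVER, SEGMENT = "192.168.10.50", "192.168.10.0/24"
deny_server = Policy("deny-to-server", "0.0.0.0/0", SERVER + "/32", None, "deny")

# Case 1: a broader allow rule sits above the new deny rule and shadows it.
shadowed = [Policy("allow-office", "10.0.0.0/8", "0.0.0.0/0", None, "allow"), deny_server]

# Case 2: RDP allowed from one address only, then deny everything else to the server.
rdp_only = [Policy("allow-rdp-admin", "10.1.2.3/32", SERVER + "/32", 3389, "allow"), deny_server]

if __name__ == "__main__":
    print(evaluate(shadowed, "10.1.2.3", SERVER, 445, SEGMENT))       # allow-office shadows the deny
    print(evaluate(shadowed, "192.168.10.77", SERVER, 445, SEGMENT))  # same segment, not inspected
    print(evaluate(rdp_only, "10.1.2.3", SERVER, 3389, SEGMENT))      # allowed admin host
    print(evaluate(rdp_only, "10.1.2.4", SERVER, 3389, SEGMENT))      # any other source is denied
```
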
