Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3656
Views
0
Helpful
0
Replies

Tetration Policy Enforcement for Windows system - Ordering an allow-rule before drop-rule?

CHRISTOPH WAGNER
Level 1
Level 1

‎01-01-2019 11:05 PM

Hi,
if I understand the Tetration SW-agent documentation correctly the sw-agent uses the built-in firewall of the operating system to enforce agent policies.

So when the software agent is installed on a Windows system, the Windows Firewall would be used to enforce the Tetration policies.

But in my knowledge the Microsoft Windows (Personal) Firewall is not able to handle the rule-ording of allow and drop rules. Drop rules are always enforced before any allow rule.

 

So I would expect that I am not able to configure every kind of policy logic as this is normal within enterprise firewall products.

 

Sample:

Policy Priority #1 => source=10.1.1.1 destination=any protocol=icmp action=allow

Policy Priority #2 => source=10.1.1.0/24 destination=any protocol=icmp action=deny

Policy Priority #3 => source=any destination=any protocol=icmp action=allow

 

Is this correct or have I made any wrong assumption?

Kind Regards,

Chris

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents