10-29-2024 04:50 PM
We put a machine in a custom policy that uses a blacklist to block all internal IPs. We are using VPN 5.1.4.74 and endpoint 8.4.2.30317 on a Windows 10 machine. The IP blacklist includes our FTDs and ISE servers. We are still able to access the IPs on the blacklist even though it is applied to that policy.
Do you all have any ideas?
10-29-2024 05:20 PM
10-29-2024 05:53 PM
Thanks Ken,
That was exactly what I did. I am basically trying to make a policy for traveling users, to keep them out of our internal networks, and off our VPN until our desktop support guys can work on it. Do you think I am going about this the wrong way?
Thanks,
10-29-2024 06:14 PM
10-29-2024 06:40 PM
Hi Ken,
Yep, we are working with a full Cisco stack. We were trying to keep it inside of Secure Endpoint, but the DAP policy has come up in our talks. Our leadership is wanting to see if it can be done in Secure Endpoint, but if not we can scratch that off the list. Once an alert comes in that requires hands on it, and cannot be accomplished by our remote support tools, we will take the machine once an employee comes on prem.
Thanks for the guidance!
10-29-2024 06:58 PM
10-30-2024 04:17 AM
Ken is correct as usual regarding DFC and the new Host Firewall feature. I second his recommendation to use the Host Firewall feature or Endpoint Isolation, depending on the situation.
Thanks,
-Matt