Hi,
if I understand the Tetration SW-agent documentation correctly, the sw-agent uses the built-in firewall of the operating system to enforce agent policies.
So when the software agent is installed on a Windows system, the Windows Firewall would be used to enforce the Tetration policies.
But to my knowledge the Microsoft Windows (Personal) Firewall is not able to handle the rule ordering of allow and drop rules. Drop rules are always enforced before any allow rule.
So I would expect that I am not able to configure every kind of policy logic, as is normal within enterprise firewall products.
Sample:
Policy Priority #1 => source=10.1.1.1 destination=any protocol=icmp action=allow
Policy Priority #2 => source=10.1.1.0/24 destination=any protocol=icmp action=deny
Policy Priority #3 => source=any destination=any protocol=icmp action=allow
Is this correct, or have I made a wrong assumption?
Kind Regards,
Chris
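
The sample policy from the post, evaluated under both models, as an added example that is not part of the original post and not Tetration's or Microsoft's code: ordered first-match, and an order-independent model where any matching deny wins. The `flatten` helper, all function names and the test addresses are assumptions; it shows one general way to express an ordered policy for a deny-wins engine by carving higher-priority allows out of each deny.

```python
import ipaddress

# The three ICMP policies from the post: (priority, source, action).
# Destination and protocol are identical in all three, so only source is modelled.
ORDERED = [(1, "10.1.1.1/32", "allow"),
           (2, "10.1.1.0/24", "deny"),
           (3, "0.0.0.0/0", "allow")]

def _hits(src, cidr):
    return ipaddress.ip_address(src) in ipaddress.ip_network(cidr)

def first_match(src, rules, default="deny"):
    """Ordered model: the highest-priority matching rule decides."""
    for _prio, cidr, action in sorted(rules):
        if _hits(src, cidr):
            return action
    return default

def deny_wins(src, rules, default="deny"):
    """Order-independent model: any matching deny overrides every allow."""
    actions = {a for _p, cidr, a in rules if _hits(src, cidr)}
    return "deny" if "deny" in actions else ("allow" if actions else default)

def flatten(rules):
    """Rewrite ordered rules so that deny_wins gives the first_match verdict.

    Each deny is split so it no longer covers any higher-priority allow.
    """
    out, allows = [], []
    for prio, cidr, action in sorted(rules):
        net = ipaddress.ip_network(cidr)
        if action == "allow":
            allows.append(net)
            out.append((prio, str(net), action))
            continue
        pieces = [net]
        for a in allows:
            carved = []
            for p in pieces:
                if a.subnet_of(p) and a != p:
                    carved.extend(p.address_exclude(a))  # split around the allow
                elif not p.subnet_of(a):
                    carved.append(p)  # disjoint: keep unchanged
            pieces = carved
        out.extend((prio, str(p), "deny") for p in pieces)
    return out
```

Applied unchanged under the deny-wins model, the sample policy denies 10.1.1.1; after `flatten` the /24 deny becomes eight smaller deny networks and both models agree.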