The deny rule, I believe, is disallowing anything, you need to set the role to deny. So when you are in policy manager and click on the Role in question, on the right side try to find where it says Access Control. Setting that to deny will block all traffic on that role. You then open use allow rules to permit the traffic you want.
Make sense? Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 "Opportunities multiply as they are seized." - Sun Tzu From: [email protected] [mailto:[email protected]] Sent: Thursday, July 21, 2011 10:27 AM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Policy for N series switch Patrick, Thanks you for your reply. I set a deny rule for "IP destination" and a "IP TCP Port Bilateral" allow rule for RDP but I get nothing. Mike From: Patrick Printz [mailto:[email protected]] Sent: Thursday, July 21, 2011 9:56 AM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Policy for N series switch If you want to block all communication completely, you could create a policy set to deny and then add permit rules allowing the RDP port(s) to the 192.168.3.0 ip range. Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 "Opportunities multiply as they are seized." - Sun Tzu From: [email protected] [mailto:[email protected]] Sent: Thursday, July 21, 2011 9:42 AM To: Enterasys Customer Mailing List Subject: [enterasys] Policy for N series switch All, I am trying to create a policy that blocks all communication between client computers except for RDP. My servers are on 192.168.2.0 and the clients are on 192.168.3.0 and I want to block all communications from 192.168.3.0 to 192.168.3.0 except RDP. Any insight would be appreciated. Thanks, Mike ________________________________ This e-mail and any attachments are solely for the use of the addressee and may contain L-3 proprietary information that may also be defined as U.S. Government export controlled technical data. If you are an unintended recipient of this e-mail, use, disclosure or distribution of its content is prohibited. Please notify the sender by return e-mail and immediately delete this message. * --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] * --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] ________________________________ This e-mail and any attachments are solely for the use of the addressee and may contain L-3 proprietary information that may also be defined as U.S. Government export controlled technical data. If you are an unintended recipient of this e-mail, use, disclosure or distribution of its content is prohibited. Please notify the sender by return e-mail and immediately delete this message. * --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
