This is an old thread but I recently learned how to do this without
creating a default deny role and I wanted to share.
The "logical" way to do this in a default allow role is with two rules -
* A deny rule for IP destination of X (layer 3 rule)
* An allow rule for IP TCP Port Destination matching IP X (layer 4 rule)
However, the layer 3 rule will take precedence over the layer 4 rule and
all traffic, including RDP to X, will be blocked.
You can create two layer 3 rules instead -
* A deny rule for IP destination of X (same as above)
* An allow rule for IP socket destination with IP X and port 3389
This time, the second rule will take precedence for packets destined for
port 3389 to IP X, and you can keep the default allow role.
--
Kay Avila
Network Engineer, ITS-Network Services
University of Northern Iowa
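To make the precedence behaviour concrete, here is an added example (not code from the thread, and not Enterasys's own configuration syntax) that models the three designs discussed: the layer 3 deny plus layer 4 allow that blocks everything, Kay's two-layer-3-rule fix, and the default deny role with an RDP permit that Patrick and Arturo suggested. The classification names and the precedence ranking are assumptions derived from what the thread states (a layer 3 match beats a layer 4 match, and an IP socket match beats a plain IP destination match); the test flows are constructed.

```python
"""Model of how an Enterasys-style policy role resolves overlapping rules.

Added example, not taken from the mailing list thread or from Enterasys.
It encodes the precedence the thread describes; the rule names, the
precedence table and the sample flows are assumptions/constructed data.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Rule classification types in order of precedence, most specific first.
# Assumed ranking taken from the thread: a layer 3 match beats a layer 4
# match, and an IP socket match beats a plain IP destination match.
PRECEDENCE = {
    "ip_dest_socket": 0,  # layer 3: destination IP range plus TCP port
    "ip_dest": 1,         # layer 3: destination IP range only
    "tcp_dest_port": 2,   # layer 4: TCP destination port only
}


@dataclass(frozen=True)
class Rule:
    classification: str
    action: str                     # "forward" or "drop"
    network: Optional[str] = None   # e.g. "192.168.3.0/24"
    port: Optional[int] = None      # TCP destination port

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = self.network is None or ip_address(dst_ip) in ip_network(self.network)
        port_ok = self.port is None or dst_port == self.port
        return in_net and port_ok


@dataclass
class Role:
    name: str
    default_action: str
    rules: List[Rule] = field(default_factory=list)

    def decide(self, dst_ip: str, dst_port: int) -> str:
        """Most specific matching rule wins; otherwise the role default applies."""
        hits = [r for r in self.rules if r.matches(dst_ip, dst_port)]
        if not hits:
            return self.default_action
        return min(hits, key=lambda r: PRECEDENCE[r.classification]).action


CLIENTS = "192.168.3.0/24"  # client subnet named in the thread
RDP = 3389

# Design 1 (the "logical" one that fails): layer 3 deny plus layer 4 allow.
L3_DENY_L4_ALLOW = Role("allow-role-l4-exception", "forward", [
    Rule("ip_dest", "drop", network=CLIENTS),
    Rule("tcp_dest_port", "forward", port=RDP),
])

# Design 2 (Kay's fix): two layer 3 rules, the socket rule being more specific.
L3_DENY_L3_SOCKET_ALLOW = Role("allow-role-socket-exception", "forward", [
    Rule("ip_dest", "drop", network=CLIENTS),
    Rule("ip_dest_socket", "forward", network=CLIENTS, port=RDP),
])

# Design 3 (Patrick's and Arturo's suggestion): default deny role with an RDP permit.
DENY_ROLE_RDP_PERMIT = Role("deny-role-rdp-permit", "drop", [
    Rule("ip_dest_socket", "forward", network=CLIENTS, port=RDP),
])

# Constructed test flows: (description, destination IP, destination port).
FLOWS = [
    ("RDP to a client", "192.168.3.10", RDP),
    ("HTTP to a client", "192.168.3.10", 80),
    ("HTTPS to a server", "192.168.2.5", 443),
]


def evaluate(role: Role) -> Dict[str, str]:
    """Map each constructed flow description to the role's decision."""
    return {desc: role.decide(ip, port) for desc, ip, port in FLOWS}


if __name__ == "__main__":
    for role in (L3_DENY_L4_ALLOW, L3_DENY_L3_SOCKET_ALLOW, DENY_ROLE_RDP_PERMIT):
        print(role.name)
        for desc, action in evaluate(role).items():
            print(f"  {desc:<18} -> {action}")
```

Running it shows why design 1 fails: the deny and the allow both match RDP to a client, and the layer 3 deny outranks the layer 4 allow. In design 2 the socket rule outranks the plain IP destination deny, so RDP passes while other client-to-client traffic is dropped and server traffic is untouched. Design 3 reaches the same client-to-client result but, as written, also drops the server-bound flow, which is the trade-off of starting from a deny role.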
On 7/21/11 9:49 AM, [email protected] wrote:
Arturo,
Thank you for your assistance. Patrick was able to assist me with the
same information.
Thanks,
Mike
*From:* Arturo Aguilar [mailto:[email protected]]
*Sent:* Thursday, July 21, 2011 10:42 AM
*To:* Enterasys Customer Mailing List
*Cc:* Enterasys Customer Mailing List
*Subject:* Re: [enterasys] Policy for N series switch
Hello Patrick, try this, create a Role with deny all and a service with
rules that permit RDP.
Regards.
Sent from my iPhone
On 21/07/2011, at 08:55, "Patrick Printz" <[email protected]
<mailto:[email protected]>> wrote:
If you want to block all communication completely, you could create
a policy set to deny and then add permit rules allowing the RDP
port(s) to the 192.168.3.0 ip range.
*Patrick Printz*
*Network Infrastructure*
Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529
"Opportunities multiply as they are seized."
- Sun Tzu
*From:*[email protected] <mailto:[email protected]>
[mailto:[email protected]]
*Sent:* Thursday, July 21, 2011 9:42 AM
*To:* Enterasys Customer Mailing List
*Subject:* [enterasys] Policy for N series switch
All,
I am trying to create a policy that blocks all communication between
client computers except for RDP. My servers are on 192.168.2.0 and
the clients are on 192.168.3.0 and I want to block all
communications from 192.168.3.0 to 192.168.3.0 except RDP. Any
insight would be appreciated.
Thanks,
Mike
------------------------------------------------------------------------
This e-mail and any attachments are solely for the use of the
addressee and may contain L-3 proprietary information that may also
be defined as U.S. Government export controlled technical data. If
you are an unintended recipient of this e-mail, use, disclosure or
distribution of its content is prohibited. Please notify the sender
by return e-mail and immediately delete this message.
* --To unsubscribe from enterasys, send email to [email protected]
<mailto:[email protected]> with the body: unsubscribe enterasys
[email protected] <mailto:[email protected]>