Chris,

The automatic policies take precedence over the remote access policies. In this case you would need to turn off the "Automatic Accept All Policy" in the tunnel definition and create explicit policies to accept the allowed connection in the Remote Access Policies. At the top of your remote access policy you could then add a Deny anything from the IP address.

For similar services you can create address objects and use services to keep your policies list small.

I would go as far as Black Listing the domain as using the Mail Sentinel email proxy.

David





At 07:15 PM 12/29/2006, Chris Green wrote:
I want to block an ip at the firewall from accessing any services. If I create a remote access security policy to do this it is not effective since automatic filters are processed first. What can I do besides undoing all of my automatic filters and making my configuration painful?

Chris Green

------------------------------------------------------
To unsubscribe:           [EMAIL PROTECTED]
For additional commands:         [EMAIL PROTECTED]
Archive:  http://archives.gnatbox.com/gb-users/
