How about a feature request on this one? I am finding the need to block
addresses, or entire blocks of IPs in some cases and cannot do so
without completely reworking my entire setup. We now manage about 60+
firewalls, most of them GTA.
David Brooks wrote:
Chris,
The automatic policies take precedence over the remote access
policies. In this case you would need to turn off the "Automatic
Accept All Policy" in the tunnel definition and create explicit
policies to accept the allowed connection in the Remote Access
Policies. At the top of your remote access policy you could then add
a Deny anything from the IP address.
For similar services you can create address objects and uses services
to keep your policies list small.
I would go as far as Black Listing the domain as using the Mail
Sentinel email proxy.
David
At 07:15 PM 12/29/2006, Chris Green wrote:
I want to block an ip at the firewall from accessing any services.
If i create a remote access security policy to do this it is not
effective since automatic filters are processed first. What can I do
besides undoing all of my automatic filters and making my
configuration painful?
Chris Green
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
