Block outbound traffic except updates
Customer has a requirement to block all DMZ outbound traffic, except for updates and patches. They wanted to block all browser traffic and allow everything else. For one thing, I found we need to turn on HTTPS inspection for that. My first question is, if we blocked browser traffic, would that allow updates for their servers? Or would that traffic get blocked as well? My second question is, could we block all traffic except for updates to their servers, which I would have to analyze logs to find out what their attempts are? If so, what kind of objects would I use to allow updates and where are they in SmartConsole? Or is there a better way to do this?
Wow, that's a tricky one, for sure. I checked in my lab where I do have HTTPS inspection enabled and when you search for "update" in services and applications, you get a lot of things, 73 as a matter of fact. Now, if you search for the same in updatable objects, there is about the same amount, but not sure if that would work the way they want either.
Maybe a TAC case would not be a bad idea here to confirm this.
Andy
It depends on how the applications access their updates as to whether they will be treated as web browsing.
Depending on the application, there may be Updatable Objects that you can use in the Access Policy to allow traffic to the relevant locations.
HTTPS Inspection will likely not help here.
That's my thinking as well... HTTPS inspection may not be of much use in this case.