Daniel_Westlund
Collaborator

Block outbound traffic except updates

Customer has a requirement to block all DMZ outbound traffic, except for updates and patches. They wanted to block all browser traffic and allow everything else. For one thing, I found we need to turn on HTTPS inspection for that. My first question is, if we blocked browser traffic, would that allow updates for their servers? Or would that traffic get blocked as well? My second question is, could we block all traffic except for updates to their servers, which I would have to analyze logs to find out what their attempts are? If so, what kind of objects would I use to allow updates and where are they in SmartConsole? Or is there a better way to do this?

0 Kudos
3 Replies
the_rock
Legend

Wow, that's a tricky one, for sure. I checked in my lab, where I do have HTTPS inspection enabled, and when you search for "update" in services and applications, you get a lot of things, 73 as a matter of fact. Now, if you search for the same in updatable objects, there is about the same amount, but I'm not sure if that would work the way they want either.

Maybe a TAC case would not be a bad idea here to confirm this.

Andy

0 Kudos
PhoneBoy
Admin

It depends on how the applications access their updates as to whether they will be treated as web browsing.
Depending on the application, there may be Updatable Objects that you can use in the Access Policy to allow traffic to the relevant locations.

HTTPS Inspection will likely not help here.

the_rock
Legend

That's my thinking as well... HTTPS inspection may not be of much use in this case.

0 Kudos