How I can Use host Firewall on Cortex XDR for blocked RDP conexion

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How I can Use host Firewall on Cortex XDR for blocked RDP conexion

L1 Bithead

Hi everyone, I'm new user of cortex.

 

I need your help to use Host Firewall on Cortex for block RDP coneccions and permit only some groups,

 

I can block it using port, but I need allow conexion for IT group, i created two rules, one blocked RDP ports on both directions for everybody and the other allow traffic, and the target of second policy is just for IT groups. the second rule is at the top but. This not workings...

 

I need integrate other app like cloud identity engine or I can do it only with cortex?

 

thanks you for your help with this topics

 

Best!

 

Cortex XDR 

1 REPLY 1

L3 Networker

Hello Rolando_Pena, 

 

Please confirm that you don't have any 'allow' rules that might be conflicting, and that the policy is correctly targeting the agent/endpoints that you're testing. I suggest assigning a different profile to the policy for the IT group that is allowed access, and the endpoints that you are testing, then confirm the agent has checked in to receive the policy configuration. 

 

You may enable "Report Matched Traffic" for troubleshooting:

jtalton_0-1701125065032.png

 

Host Firewall for Windows • Cortex XDR Pro Administrator Guide • Reader • Palo Alto Networks documen...

 

If you found this answer helpful please select Accept as Solution.

 

Thank you

If you found this answer helpful, please select Accept as Solution.
  • 1446 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!