XDR agent based firewall for locking down communication between DC's&SCCM

Reply
Highlighted

XDR agent based firewall for locking down communication between DC's&SCCM

Hello everyone,

 

We are looking to implement agent based firewall rules to lock down the communication between DC's and SCCM servers we have 20+ of each and I am wondering what is the most feasible way of doing that? User Guide has pretty much no guidance on anything FW related. Any suggestions would be appreciated.

 

Highlighted
L4 Transporter

Hi @DmitriPoberejnii-

 

The Cortex XDR host-based firewall is IP/port/protocol based as you would find in Windows Firewall.  You would have to create entries for the IP's (IPv4 or IPv6) along with the port/protocol information to create the restrictions or allow lists.  You would do this under Endpoints > Policy Management > Extensions > Profiles > New Profile > Host Firewall.  Once created and saved, you would then apply the entries in your Host Firewall extension profile to an extension policy rule.   

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/harde...


David Falcon 
MDR Systems Engineer, Cortex
Palo AltoNetworks® 
Highlighted

Thank you for trying to help here, unfortunately I cant call it a solution for a few reasons: 1) this document was reviewed prior to posting the question here and it is not complete for many reasons 2) It is not apples to apples comparison with Windows firewall. One example of that would be inability to list IP's in the rules using comma, only ranges or individual IP's. I hope Engineering would change that at some point soon.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!