We are looking to implement agent-based firewall rules to lock down the communication between DCs and SCCM servers. We have 20+ of each, and I am wondering what is the most feasible way of doing that? The User Guide has pretty much no guidance on anything FW related. Any suggestions would be appreciated.
The Cortex XDR host-based firewall is IP/port/protocol based, as you would find in Windows Firewall. You would have to create entries for the IPs (IPv4 or IPv6) along with the port/protocol information to create the restrictions or allow lists. You would do this under Endpoints > Policy Management > Extensions > Profiles > New Profile > Host Firewall. Once created and saved, you would then apply the entries in your Host Firewall extension profile to an extension policy rule.
Thank you for trying to help here. Unfortunately, I can't call it a solution for a few reasons: 1) this document was reviewed prior to posting the question here, and it is not complete for many reasons; 2) it is not an apples-to-apples comparison with Windows Firewall. One example of that would be the inability to list IPs in the rules using commas, only ranges or individual IPs. I hope Engineering would change that at some point soon.
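Given the limitation described in the thread (rule entries accept single IPs or ranges, not comma-separated lists), the following added example, which is not part of any post above or of Palo Alto Networks documentation, collapses a comma-separated server inventory into the fewest single-IP and range entries to key in. The `start-end` output format, the function names and the sample addresses are assumptions; adjust the format to what the Host Firewall profile accepts.

```python
import ipaddress


def collapse_to_ranges(addresses):
    """Merge IP strings into the fewest contiguous (first, last) ranges.

    Duplicates are dropped; IPv4 sorts before IPv6. A malformed address
    raises ValueError so a typo never silently becomes an allow entry.
    """
    ips = sorted(
        {ipaddress.ip_address(a.strip()) for a in addresses if a.strip()},
        key=lambda ip: (ip.version, int(ip)),
    )
    ranges = []
    for ip in ips:
        last = ranges[-1][1] if ranges else None
        # Extend the current range only when the address is the direct
        # successor of the range end and of the same IP version.
        if last is not None and last.version == ip.version and int(ip) == int(last) + 1:
            ranges[-1] = (ranges[-1][0], ip)
        else:
            ranges.append((ip, ip))
    return ranges


def entries_from_csv(csv_text):
    """Turn '10.0.0.1, 10.0.0.2' into ['10.0.0.1-10.0.0.2'] style entries."""
    return [
        str(lo) if lo == hi else f"{lo}-{hi}"
        for lo, hi in collapse_to_ranges(csv_text.split(","))
    ]


if __name__ == "__main__":
    # Constructed sample inventory, not real addresses from the thread.
    inventory = {
        "DC": "10.10.1.10,10.10.1.11,10.10.1.12,10.10.2.5,10.10.1.11",
        "SCCM": "10.20.0.22, 10.20.0.21, 10.20.0.40",
    }
    for group, csv_text in inventory.items():
        for entry in entries_from_csv(csv_text):
            print(f"{group}: {entry}")
```

Scattered addresses still need one entry each; the script only reduces the count where servers sit on adjacent IPs.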