XDR agent based firewall for locking down communication between DC's&SCCM


L1 Bithead

Hello everyone,

 

We are looking to implement agent-based firewall rules to lock down the communication between DCs and SCCM servers. We have 20+ of each, and I am wondering what the most feasible way of doing that is. The User Guide has pretty much no guidance on anything FW related. Any suggestions would be appreciated.

 

2 REPLIES

L4 Transporter

Hi @DmitriPoberejnii-

 

The Cortex XDR host-based firewall is IP/port/protocol based as you would find in Windows Firewall.  You would have to create entries for the IP's (IPv4 or IPv6) along with the port/protocol information to create the restrictions or allow lists.  You would do this under Endpoints > Policy Management > Extensions > Profiles > New Profile > Host Firewall.  Once created and saved, you would then apply the entries in your Host Firewall extension profile to an extension policy rule.   

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/harde...


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 

Thank you for trying to help here. Unfortunately, I can't call it a solution for a few reasons: 1) this document was reviewed prior to posting the question here, and it is not complete for many reasons; 2) it is not an apples-to-apples comparison with Windows Firewall. One example of that would be the inability to list IPs in the rules using commas, only ranges or individual IPs. I hope Engineering would change that at some point soon.

  • 3069 Views
  • 2 replies
  • 0 Likes
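
Since the thread says host firewall entries take individual IPs or ranges but not comma-separated lists, one way to keep the entry count manageable for 20+ servers per tier is to collapse each inventory into contiguous ranges before building the rules. This is an added example, not code from the thread or from Palo Alto Networks; the sample IPs, the two ports, and the `first-last` text form of a range are assumptions to adapt to your environment.

```python
import ipaddress
from itertools import product

def collapse_to_ranges(addresses):
    """Merge individual addresses into sorted, contiguous (first, last) ranges."""
    unique = {ipaddress.ip_address(a.strip()) for a in addresses}  # drops duplicates
    ranges = []
    # Sorting by (version, value) keeps IPv4 and IPv6 from merging into one range.
    for ip in sorted(unique, key=lambda i: (i.version, int(i))):
        prev = ranges[-1][1] if ranges else None
        if prev is not None and prev.version == ip.version and int(prev) + 1 == int(ip):
            ranges[-1][1] = ip          # address extends the current run
        else:
            ranges.append([ip, ip])     # gap found: start a new run
    return [(lo, hi) for lo, hi in ranges]

def to_entries(addresses):
    """Render each range as 'a.b.c.d' or 'a.b.c.d-a.b.c.e' (assumed text form)."""
    return [str(lo) if lo == hi else f"{lo}-{hi}"
            for lo, hi in collapse_to_ranges(addresses)]

def rule_rows(remote_ips, services):
    """One row per (remote entry, protocol, port) for the profile on the other tier."""
    return [{"remote": entry, "protocol": proto, "port": port}
            for entry, (proto, port) in product(to_entries(remote_ips), services)]

# Constructed sample inventory; replace with an export from your own asset source.
DC_IPS = ["10.10.1.10", "10.10.1.11", "10.10.1.12", "10.10.2.10", "10.10.1.11"]
SCCM_IPS = ["10.20.5.21", "10.20.5.20", "10.20.5.22", "10.20.5.23", "10.20.9.5"]
# Placeholder services; substitute the ports your own traffic baseline shows.
SERVICES = [("TCP", 135), ("TCP", 445)]

if __name__ == "__main__":
    for name, remote in (("DC profile, remote = SCCM", SCCM_IPS),
                         ("SCCM profile, remote = DC", DC_IPS)):
        print(name)
        for row in rule_rows(remote, SERVICES):
            print(f"  {row['remote']:<27} {row['protocol']} {row['port']}")
```

Each tier gets its own Host Firewall profile whose remote addresses are the other tier's collapsed entries, so five sample addresses become two entries per profile instead of five.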