06-30-2014 05:18 AM
You would create an address group that contains all of the db servers.
Then create a deny policy from this group to your internet zone as a block. Use log on session initiation to see what hits this rule.
06-30-2014 05:54 PM
Another alternative is to open your Source NAT policy that broadly enables your network to gain internet access, and add the IP addresses (or the address group, as Steven Puluka suggested) to the Source Address group. You then check the box underneath that indicates "Negate". This will say: "Do a Source NAT to enable the internal network to gain internet access, except if the source address is within these source addresses".
The Security Policy alternative mentioned by Steven is a better practice, and it will write access attempts to the traffic logs.
06-30-2014 06:22 PM
Hi satish,
By default, incoming Internet traffic is blocked for any host behind the firewall. You may want to find out why it's allowed.
That would be a good first troubleshooting step.
Regards,
Hardik shah