
Implementing Applications Over Services


L0 Member

We recently completed a migration and I am in clean-up mode. I would like to utilize applications, but we have some no-decryption exception rules that bypass decryption. I am concerned that without decrypting, the rule will break and traffic won't flow. What is a safe way to begin transitioning from services to applications?


Accepted Solutions

Cyber Elite

@Jim.Couch,

Build the application rule above the rule you currently have that utilizes services. Once you verify that the application rule has been tuned to match traffic properly (without decryption you'll need to make adjustments for WinRM over HTTPS, as an example), the service rule should stop getting hit.

 

When it comes to cleaning up the service rules, that all depends on your environment and appetite for risk. I've had some people just delete the service rule once the application rule is matching traffic; I've had some people set up alerting whenever the service rule is hit but leave it there for a month just as a backup; and I've had some people set the service rule to deny the traffic, with the rule set to alert on any traffic, and leave it around for a month. It all depends on your environment and what you decide to do.

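One way to carry out the verification step described in the answer above, as an added example that is not from the original post or from Palo Alto Networks: take a CSV export of the PAN-OS traffic log, count how many sessions landed on the new App-ID rule versus the legacy service rule, and list the application/port pairs that are still matching the legacy rule, since those are exactly what the App-ID rule does not yet cover. The column names ("Receive Time", "Rule", "Application", "Destination Port", "Action") are assumed to match the export header, the rule names Allow-Mgmt-App and Allow-Mgmt-Svc are hypothetical, and the log rows are constructed for illustration.

```python
"""Decide whether a legacy service-based rule can be retired.

Added example, not code from the original post or from Palo Alto Networks.
Input is a PAN-OS traffic-log CSV export; the column names used below are
assumed to match the export's header row.
"""
import csv
import io
from collections import Counter

# Constructed sample export (not real firewall data). The App-ID rule sits
# above the service rule, so anything still hitting the service rule is
# traffic the App-ID rule did not claim. TLS the firewall does not decrypt
# is generally identified only as "ssl", which is why undecrypted WinRM over
# HTTPS (tcp/5986) shows up here as ssl on 5986.
SAMPLE_EXPORT = """\
Receive Time,Rule,Application,Destination Port,Action
2024/05/01 09:00:01,Allow-Mgmt-App,ms-rdp,3389,allow
2024/05/01 09:00:07,Allow-Mgmt-App,ssh,22,allow
2024/05/01 09:01:15,Allow-Mgmt-Svc,ssl,5986,allow
2024/05/01 09:02:40,Allow-Mgmt-Svc,ssl,5986,allow
2024/05/01 09:03:02,Allow-Mgmt-App,ms-rdp,3389,allow
2024/05/01 09:05:59,Allow-Mgmt-Svc,ssl,8443,allow
"""

APP_RULE = "Allow-Mgmt-App"   # hypothetical new App-ID rule, placed above
SVC_RULE = "Allow-Mgmt-Svc"   # hypothetical legacy rule matching on port only


def parse_traffic_log(text):
    """Return one dict per row from a CSV export that has a header row."""
    return list(csv.DictReader(io.StringIO(text)))


def rule_hits(rows):
    """Sessions matched per rule name (missing rules count as 0)."""
    return Counter(row["Rule"] for row in rows)


def uncovered_traffic(rows, svc_rule=SVC_RULE):
    """(application, destination port) pairs still matching the legacy rule.

    Each pair is a candidate for the App-ID rule above it; for undecrypted
    TLS on a non-standard port that usually means allowing "ssl" with an
    explicit service object rather than application-default.
    """
    return Counter(
        (row["Application"], row["Destination Port"])
        for row in rows
        if row["Rule"] == svc_rule
    )


def safe_to_retire(rows, svc_rule=SVC_RULE):
    """True when the legacy rule matched nothing in the observed window."""
    return rule_hits(rows)[svc_rule] == 0


def report(text):
    """Print the comparison and return the per-rule hit counts."""
    rows = parse_traffic_log(text)
    hits = rule_hits(rows)
    print(f"{APP_RULE}: {hits[APP_RULE]} sessions")
    print(f"{SVC_RULE}: {hits[SVC_RULE]} sessions")
    for (app, port), n in uncovered_traffic(rows).most_common():
        print(f"  still on {SVC_RULE}: app={app} port={port} sessions={n}")
    verdict = "can be retired" if safe_to_retire(rows) else "still needed"
    print(f"{SVC_RULE} {verdict}")
    return hits


if __name__ == "__main__":
    report(SAMPLE_EXPORT)
```

Run it against an export covering the whole observation window you chose (the month the answer mentions, for instance); the legacy rule is only a candidate for deletion when the uncovered list is empty for that entire window, not just for a quiet afternoon.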


It's funny you mention building the application rule above it, because I've used that technique in many other situations but I just didn't think about it on this one for some reason. I really appreciate the thoughts and information.

 

Jim

 
