I would like to be able to assign a different RISK rating on the same app, say RDP.
If RDP is seen on the management zone I would rate that as a RISK 2; however, if seen on the Internal zone I would rate that as RISK 5. Does anyone know a way to do this short of having different firewalls for each zone?
You could create a custom application for RDP traffic for one of those zones and then utilize an application override policy for labeling all RDP traffic from the internal zone as the new 'rdp-risk5' application. It's admittedly a pretty 'hack' way of doing things, but it'll work for what you are trying to do.
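As an added illustration of the custom-app-plus-override approach (this is not part of the reply above, and the names rdp-internal-risk5, rdp-internal-override and the zone name internal are placeholders), the PAN-OS configure-mode commands below create a risk-5 clone of RDP and apply it only to sessions that originate in the internal zone on TCP/3389. The command syntax is recalled from the PAN-OS CLI and should be checked against the running version before use.

```panos
# Added example, not from the original reply. Placeholder names:
#   rdp-internal-risk5   custom application (risk 5)
#   rdp-internal-override application override rule
#   internal             source zone the higher risk should apply to
configure

# 1. Custom application that is RDP in all but name, carrying risk 5.
set application rdp-internal-risk5 category networking
set application rdp-internal-risk5 subcategory remote-access
set application rdp-internal-risk5 technology client-server
set application rdp-internal-risk5 risk 5
set application rdp-internal-risk5 default port tcp/3389

# 2. Override only sessions from the internal zone on TCP/3389.
#    Sessions from the management zone are untouched and keep the
#    predefined ms-rdp application and its built-in risk value.
set rulebase application-override rules rdp-internal-override from internal
set rulebase application-override rules rdp-internal-override to any
set rulebase application-override rules rdp-internal-override source any
set rulebase application-override rules rdp-internal-override destination any
set rulebase application-override rules rdp-internal-override protocol tcp
set rulebase application-override rules rdp-internal-override port 3389
set rulebase application-override rules rdp-internal-override application rdp-internal-risk5

commit
```

Two points to keep in mind with this pattern. First, an application override to a custom application bypasses App-ID and the Layer 7 threat inspection that depends on it for every session the rule matches, so keep the rule scoped as tightly as the zone and port allow and make sure the security policy that permits rdp-internal-risk5 is deliberate. Second, predefined applications cannot have their risk edited, so if the management zone also needs a non-default value (the RISK 2 in the question), repeat the same two steps with a second custom application and an override rule whose source zone is the management zone.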
If you want to hit two birds with one stone, you could split everyday traffic from the management segment by splitting the two into 2 separate VSYS.
In each VSYS you can perfectly assign different risk factors to the same application, and you get to physically treat the connections differently as they flow through a separate VSYS (no risk of accidental overflow).