
Firewall - Overriding Trusted LANs with Application Rules

I am attempting to block a specific application (developed internally) from accessing an internal server on our local LAN. The problem is, I need all other applications to be able to access this server for other services, and need everything else in the IP range to be trusted. When I created the application rules with the range still trusted, the trusted status of the range ends up overriding the application rule and allowing the application to communicate.

I know this is a stupid question, because we're kind of in a stupid situation thanks to this application, but is it possible for the application rule to override the LAN rule? If not, is it possible to create exceptions in the LAN rule for a specific IP I do not want to trust?

  • Thanks for the information.

    Checksums would be a mess for this application. I was looking at it yesterday and found out that even though the splash screen says "v21.0.0", the version in the application metadata and Windows Installer registry is "v1.0.0". I asked the project manager if there was a way of tracking what clients had what version of the application, but unfortunately that feature had not been considered. I believe my immediate response was "Can these people do anything right!?"

    Back to the firewall issue... I had assumed you were going to give the response that you did, so yesterday I broke down the range (172.17.0.0/255.255.255.0) into 18 separate entries with varying subnets to work around the two addresses I actually needed to block for that specific application. It's a filthy method and I don't like it, but it appears to be my only option until the next re-write of the software. The policy will only be applied to about 50 systems running this application anyway.

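The workaround described in the reply above, carving a couple of hosts out of the trusted 172.17.0.0/24 by listing what is left of the range as separate subnets, can be generated and checked instead of worked out by hand. This is an added example, not code from the thread or from any firewall product: the range is the one in the post, the two addresses to exclude (172.17.0.10 and 172.17.0.200) are made-up placeholders, and the function handles any number of excluded hosts, not just two.

```python
import ipaddress

# Constructed sample input: the range from the post, plus two placeholder
# server addresses standing in for the hosts the application must not reach.
TRUSTED_RANGE = "172.17.0.0/24"
BLOCKED_HOSTS = ["172.17.0.10", "172.17.0.200"]


def carve_out_hosts(trusted_range, excluded_hosts):
    """Return the smallest set of CIDR blocks that covers trusted_range with
    every address in excluded_hosts removed, sorted by network address."""
    remaining = [ipaddress.ip_network(trusted_range)]
    for host in excluded_hosts:
        host_net = ipaddress.ip_network(host)  # bare address -> /32 (or /128)
        next_remaining = []
        found = False
        for net in remaining:
            if net == host_net:
                found = True  # block is exactly this host: drop it
            elif host_net.subnet_of(net):
                # Split net around the host: yields the sibling blocks on the
                # path from net down to the single address.
                next_remaining.extend(net.address_exclude(host_net))
                found = True
            else:
                next_remaining.append(net)
        if not found:
            raise ValueError(f"{host} is not inside {trusted_range}")
        remaining = next_remaining
    # collapse_addresses merges adjacent blocks so the list stays minimal.
    return sorted(ipaddress.collapse_addresses(remaining))


def as_netmask_entries(nets):
    """Format blocks as address/netmask pairs, the notation used in the thread."""
    return [net.with_netmask for net in nets]


def covers_exactly(trusted_range, excluded_hosts, nets):
    """Sanity check before loading the rules: every non-excluded address is in
    exactly one block and every excluded address is in none."""
    excluded = {ipaddress.ip_address(h) for h in excluded_hosts}
    for addr in ipaddress.ip_network(trusted_range):
        hits = sum(addr in net for net in nets)
        if hits != (0 if addr in excluded else 1):
            return False
    return True


if __name__ == "__main__":
    blocks = carve_out_hosts(TRUSTED_RANGE, BLOCKED_HOSTS)
    for entry in as_netmask_entries(blocks):
        print(entry)
    print(len(blocks), "entries; covers exactly:",
          covers_exactly(TRUSTED_RANGE, BLOCKED_HOSTS, blocks))
```

The number of entries depends on where the excluded hosts sit in the range (two hosts in opposite halves of a /24 need 14 blocks, two adjacent hosts only 7), so run the check again whenever the excluded list changes.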