Block a single internal IP from access outside and outside access in

Hi,

In working to mitigate this APC SmartConnect exploit, I'd like to temporarily block our UPS's internal IP from access to the outside world on every port. I've tried creating both a proxy and a packet filter denying 443 and 80 to the APC's IP and even dragged them to the top of the policy list, yet the device is still accessible via the SmartConnect portal. WG's documentation and use cases didn't help. I know this is an easy one for most of you, so please forgive the "noob" question.

Thank you!

Answers

  • Block access From: the APC To: Any-external

  • Hi Bruce, tried that, but don't know how to block a whole internal IP. The any-external part I'm across with, but how do I create the internal mapping/host to block? Thanks!

  • I'm not sure what you mean by "how to block a whole internal IP".
    If you mean - how to block all packet types from an internal IP addr, then use an Any packet, and move this policy to the top of your policies list.
    Set this policy to Denied.
    You can turn on Logging on this policy to see packets denied by it in Traffic Monitor.

  • Hi Bruce,

Thanks again for weighing in on this. Will enable the logging. What I meant by the "whole IP" item was this: our APC has a static internal IP of 192.168.1.165. How do I create the policy to reflect the inside portion/IP mapping? Do I have to create an internal object on the Firebox so it's "aware" of 192.168.1.165?

    Nearly there!

    -Raph
  • You specify that IP addr (192.168.1.165) in the From: field

    In the Web UI - From -> Add -> Member Type = Host IPv4
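The reason the 80/443 policies in the original question did not work, while the Any packet filter at the top of the list does, comes down to two things: the Firebox evaluates policies top-down and stops at the first match, and a policy that names only TCP 80/443 leaves every other outbound port open. The following is an added example, not code from the thread or from WatchGuard: a small first-match policy evaluator in Python that models those two rules. The Any-External alias is approximated as "any non-RFC 1918 address", the Outgoing allow policy, the policy names, and the sample connections (including the destination ports, which are constructed and say nothing about what SmartConnect actually uses) are all assumptions made for illustration.

```python
"""Added example (not from the WatchGuard thread): first-match policy
evaluation for a single blocked internal host.

Assumptions, not facts from the original post:
  * Any-External == any address outside RFC 1918 space.
  * An "Outgoing" allow-all policy exists below the deny policy.
  * Destination addresses (TEST-NET-3) and ports are constructed samples.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_external(ip):
    """Stand-in for the Any-External alias (assumption: not RFC 1918)."""
    return not any(ip_address(ip) in net for net in RFC1918)


def addr_matches(selector, ip):
    """Match a From:/To: member against an address (alias or Host IPv4/CIDR)."""
    if selector == "Any":
        return True
    if selector == "Any-External":
        return is_external(ip)
    if selector == "Any-Trusted":
        return not is_external(ip)
    return ip_address(ip) in ip_network(selector, strict=False)


@dataclass
class Policy:
    name: str
    action: str            # "allow" or "deny"
    src: str               # "Any", "Any-Trusted", "Any-External", host or CIDR
    dst: str
    proto: str = "Any"     # "Any", "tcp" or "udp"
    ports: frozenset = frozenset()  # empty == any port (an "Any" packet filter)
    log: bool = False

    def matches(self, conn):
        src, dst, proto, dport = conn
        if not (addr_matches(self.src, src) and addr_matches(self.dst, dst)):
            return False
        if self.proto != "Any" and self.proto != proto:
            return False
        if self.ports and dport not in self.ports:
            return False
        return True


def evaluate(policies, conn):
    """First match wins; nothing matching falls through to the implicit deny."""
    for p in policies:
        if p.matches(conn):
            return p.action, p.name
    return "deny", "<implicit deny>"


def denied(policies, conns):
    """Return the set of sample connections the policy list would deny."""
    return {c for c in conns if evaluate(policies, c)[0] == "deny"}


UPS = "192.168.1.165"
# Constructed policies: a catch-all allow, the 80/443-only deny from the
# question, and the Any packet filter deny from the accepted answer.
OUTGOING = Policy("Outgoing", "allow", "Any-Trusted", "Any-External")
PARTIAL = Policy("Deny-UPS-Web", "deny", UPS, "Any-External", "tcp", frozenset({80, 443}), log=True)
FULL = Policy("Deny-UPS-All", "deny", UPS, "Any-External", log=True)

# Constructed sample connections: (src, dst, proto, dst_port).
CONNS = [
    (UPS, "203.0.113.10", "tcp", 443),
    (UPS, "203.0.113.10", "tcp", 80),
    (UPS, "203.0.113.20", "tcp", 8883),
    (UPS, "203.0.113.30", "udp", 123),
    ("192.168.1.50", "203.0.113.10", "tcp", 443),   # another LAN host, must stay allowed
]

if __name__ == "__main__":
    for label, plist in (("80/443 deny on top", [PARTIAL, OUTGOING]),
                         ("Any deny on top", [FULL, OUTGOING]),
                         ("Any deny below Outgoing", [OUTGOING, FULL])):
        print(f"== {label} ==")
        for c in CONNS:
            action, name = evaluate(plist, c)
            print(f"  {c[0]:>15} -> {c[1]}:{c[3]}/{c[2]:<3}  {action:5}  via {name}")
```

Running it shows the three situations the thread walks through: with only 80/443 denied, the UPS's other outbound connections still match Outgoing and are allowed; with the Any packet filter on top, every outbound connection from 192.168.1.165 is denied while the other LAN host is untouched; and with the deny placed below Outgoing, first-match means it never fires at all, which is why the answer insists on dragging it to the top.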
