Static Ipblock

good morning,
in my trust lan I don't use DHCP, the PCs can only navigate with static IP, I was wondering if it is possible to "mark" these PCs as active for browsing so as to avoid that if someone tries to insert a new PC in the trust with static IP, can navigate.

Thanks, Christian

Comments

  • edited January 28
    1. Create an Alias which includes the IP addrs or IP addr range(s) of these PCs.
    2. Use these in your existing HTTP & HTTPS policies in the From: field.
    3. Add a HTTP & HTTP policy From: Any-trusted To: Any-external, set to denied, and make sure that these policies are below the existing HTTP & HTTPS policies.
    4. Consider doing egress filtering which requires you to add policies for all desired outgoing traffic. Turning on Logging on the Outgoing policy will help you identify the existing traffic being allowed by the Outgoing policy.
      Then disable or remove the Outgoing policy. Doing this will remove the need for step 3.
  • Thank you Bruce !!

Sign In to comment.