Options
Block a single internal IP from access outside and outside access in
Hi,
In working to mitigate this APC Smartconnect exploit, I'd like to temporarily block our UPS's internal IP from access to the outside world on every port. I've tried creating both a proxy and a packet filter denying 443 and 80 to the APC's IP and even dragged them to the top of the policy list, yet the device is still accessible via the smartconnect portal. WG's documentation and use cases didn't help. I know this is an easy one for most of you, so please forgive the "noob" question.
Thank you!
0
Sign In to comment.
Answers
Block access From: the APC To: Any-external
Hi Bruce, tried that, but don't know how to block a whole internal IP. The any-external part I'm across with, but how do I create the internal mapping/host to block? Thanks!
I'm not sure what you mean by "how to block a whole internal IP".
If you mean - how to block all packet types from an internal IP addr, then use an Any packet, and move this policy to the top of your policies list.
Set this policy to Denied.
You can turn on Logging on this policy to see packets denied by it in Traffic Monitor.
Thanks again for wiring in on this. Will enable the logging. What I mean on the "whole IP" item was that, ex. Our APC has a static internal IP of 192.168.1.165. how do I create the policy to reflect the inside portion/IP mapping? Do I have to create an internal object on the firebox so it's "aware" of 192.168.1.165?
Nearly there!
-Raph
You specify that IP addr (192.168.1.165) in the From: field
In the Web UI - From -> Add -> Member Type = Host IPv4