1 Reply Latest reply on Dec 17, 2019 7:25 AM by scott28tt

    Suggestions for setting up Traffic Filtering and Marking Policy

    sandroalvesbrasil Enthusiast

      Hi,


      We want to configure some locks, but we are unsure what the best setting would be.


      Example:


      Network LAN Datacenter: 192.168.1.1 (Public NAT Routing)

      Network A: 10.10.1.0 - VMware Host Servers

      Network B: 10.10.2.0 - Infra-Basic Servers (AD, DNS, etc.)

      Network C: 10.10.3.0 - Web Applications Servers A

      Network E: 10.10.4.0 - Web Applications Servers B

      Network F: 10.10.5.0 - Database Servers


      Port Group A: 10.10.1.0 - VMware Host Servers

      Port Group B: 10.10.2.0 - Infra-Basic Servers (AD, DNS, etc.)

      Port Group C: 10.10.3.0 - Web Applications Servers A

      Port Group E: 10.10.4.0 - Web Applications Servers B

      Port Group F: 10.10.5.0 - Database Servers


      We want to apply the following blocks:


      - No Port Group will have outbound restrictions; each will only have inbound restrictions for some ports and some other Port Groups.

      - All Port Groups need to accept connections from Port Group B for DNS, Active Directory, NTP, and so on.


      a) Port Group F may only allow access to port 1433 for Port Groups C and E;

      b) Port Groups C and E may only allow access to ports 80 and 443 for the Datacenter LAN Network (NAT Public Routing).


      Abstract:


      - Database servers can only accept connections from application servers on port 1433;

      - Web application servers can only accept connections on ports 80 and 443 from the datacenter network, which will have public access to the internet;

      - DNS, AD, and NTP servers must have connectivity to all existing servers.


      Doubt:


      - Should we create the release rules first and then a block-all rule, or does VMware automatically block the other connections as soon as we create the release rules?


      Thank you.
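To make the question concrete, here is an added example (not from the post or from VMware) that models the post's ingress rules for Port Groups F and C as an ordered, first-match list and shows how the outcome depends on whether an explicit final drop rule is present. The /24 prefixes, the datacenter LAN prefix (the post gives only 192.168.1.1) and the "default" action for unmatched traffic are assumptions of the model, not documented vSphere behaviour.

```python
"""First-match model of per-port-group ingress rules from the post (constructed example)."""
import ipaddress
from dataclasses import dataclass

# Networks from the post; the datacenter LAN prefix is assumed (only 192.168.1.1 is given).
NETS = {
    "LAN": "192.168.1.0/24",
    "B": "10.10.2.0/24",   # Infra-Basic (AD, DNS, NTP)
    "C": "10.10.3.0/24",   # Web Applications A
    "E": "10.10.4.0/24",   # Web Applications B
    "F": "10.10.5.0/24",   # Database
}

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "drop"
    src: tuple         # source network labels, or ("any",)
    ports: frozenset   # destination TCP ports; empty = any port

def matches(rule, src_ip, port):
    if rule.ports and port not in rule.ports:
        return False
    if "any" in rule.src:
        return True
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(NETS[label]) for label in rule.src)

def decide(rules, src_ip, port, default):
    """Walk the ordered rule list; the first match wins, otherwise the assumed default applies."""
    for rule in rules:
        if matches(rule, src_ip, port):
            return rule.action
    return default

INFRA = Rule("allow", ("B",), frozenset())  # Port Group B reaches every port group
ALLOW_ONLY = {
    "F": [INFRA, Rule("allow", ("C", "E"), frozenset({1433}))],
    "C": [INFRA, Rule("allow", ("LAN",), frozenset({80, 443}))],
}
# Same allow rules plus an explicit final drop, so the result no longer depends on the default.
WITH_FINAL_DROP = {pg: rules + [Rule("drop", ("any",), frozenset())]
                   for pg, rules in ALLOW_ONLY.items()}

def leaks_without_drop(pg, src_ip, port):
    """True when allow-only rules pass a flow under default-allow that the final drop would stop."""
    return (decide(ALLOW_ONLY[pg], src_ip, port, "allow") == "allow"
            and decide(WITH_FINAL_DROP[pg], src_ip, port, "allow") == "drop")

if __name__ == "__main__":
    for pg, src, port in [("F", "10.10.3.10", 1433), ("F", "192.168.1.50", 1433), ("C", "10.10.5.7", 443)]:
        print(pg, src, port, "leaks" if leaks_without_drop(pg, src, port) else "ok")
```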