Custom Application

  • 1
  • Question
  • Updated 2 years ago
I've been finding the firewall rules are little flaky, especially when using application rules. I've tried to create a testcase and found that if the Default Action is "Permit" then the rules don't work right (I haven't been able to create a testcase with the default as "Deny" but have had issues that way too).

User profile:



Test rule:



Custom application "sysadmin.pusd.org":





What happens:
When the custom application is added, access to all internal hosts becomes available. I can hit HTTP, HTTPS, RDP, SSH, and all other services to servers in the 10.0.0.0/8 network. If the application is removed, I can do DNS lookups and hit hosts outside of 10.0.0.0/8 and hosts in 10.0.0.0/8 are blocked as expected.

Expected behavior:
1. Default Action should have no effect on firewall rules, only if none of the rules match.
2. Custom applications should only permit or deny access as specified.


Thank you,
-Dan


AP230, Hive Manager on-premise 6.6r3a
Photo of Dan Mellem

Dan Mellem

  • 52 Posts
  • 1 Reply Like

Posted 2 years ago

  • 1
Photo of Dan Mellem

Dan Mellem

  • 52 Posts
  • 1 Reply Like
Contacted support. They are looking into this.