Help creating a Policy to block all SMB except to 2 Domain Controllers

  • Question
  • Updated 2 years ago
  • Answered
I am asking for advice on how to block ALL SMB traffic except to 2 domain controllers. This is currently to block Windows shares between end users.

I am using Policy Manager to push to EOS.
Jeremy Bullock

Posted 2 years ago

Mike Thomas, Employee - GTAC - NMS
For the most part, the ports in question would be listed here.

https://support.microsoft.com/en-us/kb/3185535

Although I would review it before using a trace to confirm what is there.
If you look at the Threat Management in the default.pmd, there is a limit for ports 135 and 137; you could block those, and/or add in specific rules for the additional ports as needed, and then apply them to the roles for users, not the servers.

Does this assist?
Jeremy Bullock
It helps narrow it down, thanks!

Is there a way to consolidate the rules within the role, or will I have to have a rule for each port to be allowed to each DC, plus a deny-all SMB rule first (to rule them all)?
Mike Thomas, Employee - GTAC - NMS
You should consolidate rules under a service. Then a role is typically populated in Policy Manager with services. You could create a service, add to an existing one, etc. Does this help?
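The thread above settles on one service holding every "allow SMB port X to DC Y" rule plus the blanket denies, applied to user roles. The block below is an added example, not Policy Manager output or anything from the original posters; it models that service so the rule count and the ordering question from the follow-up can be checked before anything is pushed to EOS. It assumes a first-match rule engine (an assumption: confirm how your platform resolves overlapping rules before relying on order), uses two constructed DC addresses, and audits a few constructed tcpdump-style lines the way the suggested trace review would. The port set is the SMB/NetBIOS/RPC endpoint-mapper set from the Microsoft guidance linked above; `Rule`, `smb_service`, `evaluate` and `audit_trace` are names invented here.

```python
"""Model of the 'allow SMB only to the domain controllers' service.

Added example, not Extreme Policy Manager output. Assumes first-match
evaluation (an assumption to verify on the real platform); DC addresses
and trace lines are constructed placeholders.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# SMB, NetBIOS and RPC endpoint-mapper ports that the Microsoft guidance
# recommends blocking at the edge (the set Mike points to above).
SMB_PORTS = {("tcp", 135), ("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

# Constructed domain controller addresses (placeholders, not real hosts).
DC_IPS = ("10.0.0.10", "10.0.0.11")


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp" or "udp"
    dport: int             # destination port
    dst: Optional[str] = None   # None matches any destination address

    def matches(self, proto: str, dst: str, dport: int) -> bool:
        return (self.proto == proto and self.dport == dport
                and (self.dst is None or self.dst == dst))


def smb_service(dc_ips, deny_first: bool = False) -> List[Rule]:
    """Build the consolidated service: one allow per (DC, port), then
    one deny per port with no destination (matches everyone else).
    deny_first=True reproduces the 'deny all SMB first' ordering from the
    follow-up question so its effect can be seen."""
    allows = [Rule("allow", p, port, dc)
              for dc in dc_ips for p, port in sorted(SMB_PORTS)]
    denies = [Rule("deny", p, port) for p, port in sorted(SMB_PORTS)]
    return denies + allows if deny_first else allows + denies


def evaluate(rules: List[Rule], proto: str, dst: str, dport: int,
             default: str = "allow") -> str:
    """First-match evaluation (assumption); traffic matching no rule in the
    service falls through to the role's default, assumed 'allow' here."""
    for r in rules:
        if r.matches(proto, dst, dport):
            return r.action
    return default


# Constructed tcpdump-style summary lines standing in for the trace review.
TRACE = """\
IP 10.0.5.23.51234 > 10.0.0.10.445: Flags [S]
IP 10.0.5.23.51235 > 10.0.5.40.445: Flags [S]
IP 10.0.5.23.137 > 10.0.5.255.137: UDP, length 50
IP 10.0.5.23.51236 > 10.0.0.11.80: Flags [S]
"""
LINE_RE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\S+)")


def audit_trace(trace: str, rules: List[Rule]) -> List[Tuple[str, str, str, int, str]]:
    """Return (src, dst, proto, dport, verdict) for every SMB-port flow in
    the trace, so user-to-user shares show up as 'deny' and DC traffic as
    'allow' before the policy goes live."""
    out = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, _sport, dst, dport, rest = m.groups()
        proto = "udp" if rest.startswith("UDP") else "tcp"
        dport = int(dport)
        if (proto, dport) in SMB_PORTS:
            out.append((src, dst, proto, dport, evaluate(rules, proto, dst, dport)))
    return out


if __name__ == "__main__":
    svc = smb_service(DC_IPS)
    print(f"{len(svc)} rules in the service")          # 2 DCs x 5 ports + 5 denies
    for row in audit_trace(TRACE, svc):
        print(row)
    # With the deny rules placed first, even DC traffic is dropped:
    print(evaluate(smb_service(DC_IPS, deny_first=True), "tcp", DC_IPS[0], 445))
```

Two things the model makes visible: the service still contains one allow per DC per port (ten rules here) plus five denies, so consolidating into a service reduces role clutter, not the rule count; and under first-match semantics a deny-all-SMB rule placed ahead of the allows blocks the domain controllers too, so the allows must precede it, or the platform's own precedence rules must be confirmed to handle the overlap.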