Help creating a Policy to block all SMB except to 2 Domain Controllers

Jeremy_Bullock
New Contributor II
I am asking advice on how to block ALL SMB traffic except to 2 domain controllers. This is currently to block Windows shares between end users.

I am using Policy Manager to push to EOS.

3 REPLIES

Mike_Thomas
Extreme Employee
You should consolidate rules under a service. Then a role is typically populated in policy manager with services. You could create a service, add to an existing one etc. Does this help?

Jeremy_Bullock
New Contributor II
It helps narrow it down, thanks!

Is there a way to consolidate the rules within the role or will I have to have a rule for each port to be allowed to each DC? Plus a deny all SMB first (to rule them all).

Mike_Thomas
Extreme Employee
For the most part, the ports in question would be listed here.

https://support.microsoft.com/en-us/kb/3185535

Although I would review it before using a trace to confirm what is there.
If you look at the Thread management in the default.pmd, there is a limit for 135,137 ports, you could block those, and/or add in specific rules for the additional ports as needed, and then apply them to the roles for users, not the servers.

Does this assist?
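The two points raised in this thread, whether the per-DC allows must come before the "deny all SMB" rule and whether one rule can cover several ports, are easiest to see with a small first-match simulation. The following is an added illustration, not Extreme Policy Manager code or its evaluation engine: it assumes a generic first-match rule list (verify the precedence semantics of your Policy Manager version against its documentation before relying on this ordering), and the DC addresses 10.0.0.10 and 10.0.0.11 are constructed placeholders, since the thread does not name the controllers.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

# SMB over TCP 445 and NetBIOS session service on TCP 139. The default.pmd
# rules for 135/137 mentioned in the thread cover RPC endpoint mapper and
# NetBIOS name service, which are separate from these two ports.
SMB_PORTS: Set[int] = {445, 139}

# Constructed placeholder addresses for the two domain controllers.
DC_NETWORKS = [ip_network("10.0.0.10/32"), ip_network("10.0.0.11/32")]


@dataclass
class Rule:
    name: str
    action: str                     # "permit" or "deny"
    dst_nets: Optional[list]        # None means any destination
    dst_ports: Optional[Set[int]]   # None means any port; a set covers several ports in one rule


def build_rules() -> List[Rule]:
    """Correct order: specific DC allows first, then deny SMB everywhere, then permit the rest."""
    rules = [
        Rule(f"allow-smb-to-{net.network_address}", "permit", [net], SMB_PORTS)
        for net in DC_NETWORKS
    ]
    rules.append(Rule("deny-smb-any", "deny", None, SMB_PORTS))
    rules.append(Rule("permit-other", "permit", None, None))
    return rules


def misordered_rules() -> List[Rule]:
    """The ordering the question hints at: 'deny all SMB first' shadows the DC allows under first-match."""
    rules = build_rules()
    deny = next(r for r in rules if r.name == "deny-smb-any")
    rules.remove(deny)
    rules.insert(0, deny)
    return rules


def evaluate(rules: List[Rule], dst_ip: str, dst_port: int) -> Tuple[str, str]:
    """Return (action, matching rule name) for the first rule whose port and destination match."""
    ip = ip_address(dst_ip)
    for r in rules:
        if r.dst_ports is not None and dst_port not in r.dst_ports:
            continue
        if r.dst_nets is not None and not any(ip in net for net in r.dst_nets):
            continue
        return r.action, r.name
    return "deny", "implicit-deny"


if __name__ == "__main__":
    for label, rules in (("correct order", build_rules()), ("deny-first", misordered_rules())):
        print(label)
        for ip, port in (("10.0.0.10", 445), ("10.0.0.11", 139), ("10.0.0.50", 445), ("10.0.0.50", 80)):
            print(f"  {ip}:{port} -> {evaluate(rules, ip, port)}")
```

With the correct order a user reaching either DC on 445 or 139 is permitted, any other SMB destination is denied, and non-SMB traffic falls through to the final permit. Placing the deny first makes the DC allows unreachable, which is why the per-DC rules (each covering both ports in a single rule) belong ahead of the blanket SMB deny when the policy is assigned to the user role.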