
I want to block the whole Internet for particular hosts. In this case I used the policy 'Any', which basically blocks every single port (TCP+UDP, I believe). In the FROM field I put the particular IP address of the host, and in TO I put any. I uploaded the config and it's not working. I still have access to everything from that host. However, if I just block port 80, for example, HTTP is not reachable. The problem is that I want to block everything. Just cut it off. Any ideas why the ANY protocol is not working? Best regards.

Kai

1 Answer


The order of the firewall rules/policies that you have added is important because they are matched in order. For example, if there is an allow rule for all on top, it will get matched first and the deny rule down below will never get matched. So, put the deny policy at the top above other allow rules and it should work.

For investigation, if you have logging for policies enabled, you can see which policy is getting matched for the request.

Diamond
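The ordering effect described in the answer above, as an added example that is not part of the original question or answer: a generic first-match policy list (not any vendor's engine) that reports which policy a connection hits, as a policy log would, and flags policies that can never match because an earlier one with the opposite action covers them. Policy names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    name: str
    action: str                 # "allow" or "deny"
    src: str                    # CIDR; "0.0.0.0/0" means any
    dst: str
    port: Optional[int] = None  # None means any port

    def matches(self, src_ip, dst_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this policy."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.port in (None, other.port))

def evaluate(policies, src_ip, dst_ip, port, default="deny"):
    """First match wins; return (action, policy name) like a policy log entry."""
    for p in policies:
        if p.matches(src_ip, dst_ip, port):
            return p.action, p.name
    return default, "(default)"

def shadowed(policies):
    """(later, earlier) pairs where an earlier policy with a different
    action fully covers a later one, so the later one never takes effect."""
    return [(later.name, earlier.name)
            for i, later in enumerate(policies)
            for earlier in policies[:i]
            if earlier.covers(later) and earlier.action != later.action]

# Constructed sample: a LAN-wide allow and a deny for one host (assumed values).
ALLOW_OUT = Policy("allow-outgoing", "allow", "192.168.1.0/24", "0.0.0.0/0")
BLOCK_HOST = Policy("block-host-any", "deny", "192.168.1.50/32", "0.0.0.0/0")
BROKEN = [ALLOW_OUT, BLOCK_HOST]   # deny sits below the allow
FIXED = [BLOCK_HOST, ALLOW_OUT]    # deny moved to the top

if __name__ == "__main__":
    for label, ruleset in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, evaluate(ruleset, "192.168.1.50", "203.0.113.10", 443),
              "shadowed:", shadowed(ruleset))
```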