Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 4 subscribers
  • Views 3150 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to block internal communication

Fabiano Melo

Hello all!

 

We need to block the communication between 2 hosts on the same network (computer 10.1.1.23 should not send/receive data from device 10.1.1.56)

We tried to block all services between these IPs, but nothing happened.

I've read somewhere that it could be due to these IPs are on the same subnet, but unfortunately, we cannot change any of these IPs :(

We have Sophos UTM9 as our Firewall.

If Sophos is not able to handle it for any reason, is there a known way to make this happens?

 

Important details:

Computer 23 will only be able to send/receive data from device 56 for a few hours/day. That means we will have to activate/deactivate that "rule" constantly;

Computer 23 is a shared computer. So, preferentially, the blocking thing has to be made (1) remotely or (2) somewhere without accessing the computer itself.

 

Thank you so much! Have all a great weekend!



This thread was automatically locked due to age.
  • 0

    I don't think this is possible.  For the reason you mentioned, both clients are on the same subnet, which means the rules in UTM don't apply because traffic never goes through the default gateway.

    I think there's several ways to deal with this.

    1) vlans - by having devices on different vlans forces them to communicate through the UTM.  This may introduce additional latency or have other effects

    2) Managed switches may have security features to configure such a rule.

    What type of data are you trying to block between the two pc's?

  • 0 in reply to Jay Jay

    Hi Jay Jay, thanks for the quick reply!

     

    This computer 23 receives employees times from the device 56. The thing is: there are around 4 persons that connect every a few minutes to retrieve the new data (we don't know why), and this is making our device 56 runs slowly and we had DB issues (corrupted data) 3 times this year already (we believe that's due the high checking frequency). We tried to talk to them to check only when necessary, but this "rule" only works on the first week, then everything goes backs to "normal".

     

    We tried to use the HOSTS file to block the connection, but the HOSTS file does not work with IPs :/

     

    We are looking for a kind of software firewall that can be enable-disable remotely, but we didn't found any yet :(
    That way we can set a time to retrieve the data. For example, between 07:00-08:00, 11:00-11:30, 14:00-14:30 and 17:30-18:30

     

    Thanks again!

  • 0 in reply to Fabiano Melo

    Fabiano Melo said:

    This computer 23 receives employees times from the device 56. The thing is: there are around 4 persons that connect every a few minutes to retrieve the new data (we don't know why), and this is making our device 56 runs slowly and we had DB issues (corrupted data) 3 times this year already (we believe that's due the high checking frequency). We tried to talk to them to check only when necessary, but this "rule" only works on the first week, then everything goes backs to "normal".

    Perhaps your strategy should be to determine why those clients are trying to connect so often.  Maybe something in group policy can be configured for the pc's in question.  Or better yet determine what is connecting and why.

    As I mentioned, the only solution I can think of is some kind of blocking on a switch level.

    Another idea is to configure computer 23 to only receive data from device 56.  Is this a windows pc?  OS version?  If I recall windows firewall allows you to create such permissions.

  • 0 in reply to Jay Jay

    So, they told my colleague once that they need to check always they see someone (employee) in the parking lot or somewhere else and check if that person punched out. The #1 rule is to punch out always that you are leaving the office. But, honestly, I don't see too many people leaving the office during the day. I think they could write down who they saw out of the office, as the time and then check only once a day. Don't need to connect every 15 minutes...

    The problem using Windows Firewall is because we are trying to avoid having to RDC to this computer to enable, then disable, then enable... and so on, all day long. That's why we are looking for a way to do this by Sophos, or HOSTS file (that can be editable remotely. Just need to keep the file open on our computer and save with on or off, for example), or even through the DC computer, with no luck yet. :(

    We tried a couple of simple firewalls to use with a macro and scheduled task, but they did not work as expected.

    The computer 23 is a virtual Windows 7 computer.

     

    Thanks for the help!

Unfiltered HTML