Thanks for your suggestion. I have configured the whitelist.
Now the problem is that I am not getting a warning message in the CA PAM client while the violation is happening. I have followed the KB as suggested by CA.
CA PAM is simply closing the RDP session without any warning message to the client. I have tried from IE as well, but still the same issue. TAC confirmed that they have tested in their lab with the same version (3.3) and it is working fine. The only difference on the CA PAM client side is that we have disabled the update check.
Original Message:
Sent: 11-18-2019 01:12 AM
From: TOMO FUJITA
Subject: SFA - Blacklist IP addresses
Just an idea:
Use a whitelist filter with the host's own IP; then it would allow RDP access only to the host itself.
Original Message:
Sent: 11-18-2019 01:04 AM
From: vijayakumarc chandrasekaran
Subject: SFA - Blacklist IP addresses
Hello Reatesh,
Yes, I have installed SFA on our Windows server and configured the necessary settings as per the CA KB article. I have blacklisted the 10.0.0.0/8 network under the socket filter settings in CA PAM and it is working as expected. When I try to access RDP, it closes automatically, so no issues on that. But my question is how to block all IPs instead of 10.0.0.0/8? I have tried to put 0.0.0.0/0 under the blacklisted IP subnet, but it is not working.
Also, when the RDP session is getting blocked, I am not getting any violation message; it is simply closing the RDP window.
Original Message:
Sent: 11-18-2019 12:32 AM
From: Reatesh Sanghi
Subject: SFA - Blacklist IP addresses
Hello Vijay,
The best way to contain this would be to deploy the CA PAM Socket Filter Agent; this would allow you to restrict users from doing an RDP to a remote host after connecting to the target RD server using CA PAM.
Do look at the following for the supported OS for the Socket Filter Agent.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-2-6/release-information/supported-environments.html
Thanks,
Reatesh.
------------------------------
Principal Support Engineer
Broadcom
Original Message:
Sent: 11-17-2019 09:14 PM
From: vijayakumarc chandrasekaran
Subject: SFA - Blacklist IP addresses
Hi,
I would like to restrict RDP access from the server to any IP addresses. I am not able to configure "0.0.0.0/0" or "*" as a blacklisted IP address in CA PAM. Can you please help with how to do it?
Thanks,