Hi community
I have a question about the operation and / or operation of the Socket Filter Agent module. I am trying to prevent users from being able to make RDP and SSH connections from an authorized server to unauthorized servers, to achieve this I have installed the SFA agent and configured a blacklist type filter where I have specified the list of IP port 3389 to which I seek to restrict .
In the access policy I apply the Socket Filter but once the user connects to the server, he manages to perform RDP sessions to all the entity's servers.
What am I doing wrong?
------------------------------
Julian Riaño
------------------------------