Symantec Privileged Access Management

Hi community

I have a question about the operation and / or operation of the Socket Filter Agent module. I am trying to prevent users from being able to make RDP and SSH connections from an authorized server to unauthorized servers, to achieve this I have installed the SFA agent and configured a blacklist type filter where I have specified the list of IP port 3389 to which I seek to restrict .


In the access policy I apply the Socket Filter but once the user connects to the server, he manages to perform RDP sessions to all the entity's servers.

What am I doing wrong?

------------------------------
Julian Riaño
------------------------------

Hi Julian, Does the SFA port 8550 show as open from the PAM server? Use the Configuration > Tools page for a port scan. The configuration looks right for the one specific IP we see listed. If needed, please open a Support case for detailed review of the problem.
Original Message:
Sent: 08-10-2020 03:56 PM
From: Julian Riano
Subject: PAM 3.4.1 Socket Filter Agent not work as expected.

Hi community

I have a question about the operation and / or operation of the Socket Filter Agent module. I am trying to prevent users from being able to make RDP and SSH connections from an authorized server to unauthorized servers, to achieve this I have installed the SFA agent and configured a blacklist type filter where I have specified the list of IP port 3389 to which I seek to restrict .

In the access policy I apply the Socket Filter but once the user connects to the server, he manages to perform RDP sessions to all the entity's servers.

What am I doing wrong?

------------------------------
Julian Riaño
------------------------------