Data Center Security

Trying to create a prevention policy that blocks access to a list of IP's

  • 1.  Trying to create a prevention policy that blocks access to a list of IP's

    Posted Jul 14, 2020 08:13 PM
    Hi--

    I am hoping someone can point me in the right direction.  I need to create a policy that blocks a host from being able to talk to a number of subnets.  I assume this is possible in DCS Advanced.  I have tried to create a blank prevention policy and Global Policy Options -> Network Controls -> and then I add an IP address, set the action to deny, and change the protocol to Both TCP and UDP.  I save it and apply it to a security group.  I drop my machine in the security group and verify it has updated, but I can still ping the IP address I just added and it never seems to stop.

    Help would be greatly appreciated.

    Thanks,
    Mike

    ------------------------------
    Mike
    WaveRider Security
    CA
    ------------------------------


  • 2.  RE: Trying to create a prevention policy that blocks access to a list of IP's

    Posted Aug 20, 2020 06:45 AM
    Did the agent receive the policy?
    Is Prevention enabled in the policy?
    Is the deny rule outbound?
    Does the network configuration in the process set (sandbox) associated with ping.exe use the global network configuration?