I'm trying to block all incoming traffic with SEP11 firewall rules. I modified my rules and applied them to a test group, but there are a handful of ports that are not getting blocked.
I set my firewall rule as follows:
all outbound traffic / 5-major / service - local 1-65535 outgoing tcp and udp / action - allow
rdp / 5-major / service - local 3389 tcp / action - allow
all inbound traffic / 5-major / service - local 1-65535 incoming tcp and udp / action - block
I checked and verified that the client is in the test group and has the new policy serial number. I can see traffic being blocked by my rule, but I am still able to browse the computer from the network. I used nmap to scan for open ports and the following ports are open: 135, 139, 445, 2701, 3389, 5357, 22201, 49152-49155 and 53388.
Any ideas on what I'm overlooking?