Carmelo Jimenez Posted April 27, 2023 Share Posted April 27, 2023 I need to block some IP subnets from using the LB web-proxy VIP/Service.Googling around found a similar logic and I tailored it.Create these policies:> add responder policy "Drop_VDI_to_Proxy" "CLIENT.IP.SRC.IN_SUBNET(10.255.0.0/24) || CLIENT.IP.SRC.IN_SUBNET(10.200.0.0/24)" DROP> add responder policy "Allow-All-Other-IPs" TRUE NOOP! bind both responders policies to "web-proxy" vserver(s)! lower priority number for Drop_VDI_to_Proxy! higher priority number for Allow-All-Other-IPsWould this work? Link to comment Share on other sites More sharing options...
Aman Agrawal 2 Posted April 28, 2023 Share Posted April 28, 2023 Yes, this config will work.If you don't want to take any action on the other IPs, then you can remove the second policy "Allow-All-Other-IPs". Link to comment Share on other sites More sharing options...
Jens Beyer Posted May 25, 2023 Share Posted May 25, 2023 Second policy with TRUE is not needed at all. As long you are not on the subnet you are blocking it just gives you access. Not needed to configure that explicitly at the end. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now