02-22-2009 11:35 PM
02-24-2009 10:50 PM - edited 02-24-2009 11:03 PM
Regarding Outlook, try allow all in both directions,enable traffic logging on the policies. start outlook and see traffic log to findout what ports the exchange server and clients use and then remove allow all policy and create a policy allowing only the ports outlook/exchange works on.
you can have following resource access policies on IC for controlling access from remediation and quarantineVLANs:
1) for Secure Role allow all
2) for Quarantine Role Allow access only to servers you want(like AD server or server from where user can get certificate for becoming complied to your certificate policies ..etc)
3) For Remediation Rolle Deny All (or allow only resources you want to allow)
make sure you enabled 'infranet-auth' for policies towars Trust zone. otherwise ISG will not honor the resource access policies you created on IC.