I have been trying to figure out if the IPS can find out if a computer is part of a certain Domain and if so block it.
I have a setup where I want a PC from domain Workgroup\PCNAME to be blocked or at least logged by the IPS. I currently use multiple TCP, UDP, and URI functions, but I have never tried to look up the domain of a PC. If anyone has tried this, or if it is not even possible, I would like to know. I know a NAC solution would work, but we don't have that at this moment.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...