Forum Discussion

Ryan_34424
Apr 27, 2017

APM :: Prohibit Route Table Changes :: Exceptions?

Is anybody aware of a way to prohibit route table changes via APM policy, with the exception of a specific network?

For example, a group within the organization that works in sales wants to use tablets that connect back to HQ, and they want to present using Microsoft Miracast. The way this works is that it connects to a projector via Wi-Fi and injects a route into the route table for 192.168.173.0/24. However, when that happens, our VPN disconnects them because we prohibit route table changes.

If I disable this route table restriction, everything works great.

This is a problem, though, because I don't want anyone to be able to inject routes that subvert the tunnel. But I'd like that specific subnet to be able to be injected into the route table.

Possible? Options?

Thanks for your ideas!
