The Green Girl needed a way to be able to remotely access endpoints in active Cisco AMP Endpoint Isolation.
Following the Cisco AMP for Endpoints User Guide, my objective was to whitelist both the public and private IPs for my company’s Bomgar server.
Isolation IP Allow Lists are located under Outbreak Control > IP Block & Allow Lists > Isolation IP Allow Lists.
I created a new IP List, named it Bomgar, entered the FQDN for the Description, added the private and public IPs, and hit Save.
The ‘Bomgar’ Isolation IP Allow List was created.
Then, I had to apply this new IP Allow List to the Policies so I went to Management > Policies, picked the appropriate policy, clicked Edit, went to Advanced Settings > Endpoint Isolation, checked the box for ‘Allow Endpoint Isolation’, clicked the ‘Select Lists’, and then highlighted the Bomgar list I’d just created.
The newly created Isolation IP Allow List was listed so I clicked Save.
Having Bomgar remote desktop access will be helpful to our team when troubleshooting hosts in Isolation.