How the Host IPS Catalog Works - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Configuring Firewall Policies
Overview of Firewall policies
• Connection-specific DNS suffix = mycompany.com
• Default gateway address
• Isolate this Connection = yes
The computer has both LAN and wireless network adapters and connects to the corporate
network with a wired connection, but the wireless interface is still active, so it connects to a
hotspot outside the office. The computer connects to both networks because the rules for basic
access are at the top of the firewall rules list. The wired LAN connection is active and meets
the criteria of the corporate LAN group. The firewall processes the traffic through the LAN, but
because connection isolation is enabled, all other traffic that does not go through the LAN is blocked.
Connection isolation at a hotel
Connection rules are processed until the group with VPN connection rules is encountered. This
group contains these settings:
• Connection type = virtual
• DNS suffix = vpn.mycompany.com
• IP Address = an address in a range specific to the VPN concentrator
• Isolate this Connection = yes
General connection rules allow the set-up of a timed account at the hotel to gain internet access.
The VPN connection rules allow connection and use of the VPN tunnel. After the tunnel is
established, the VPN client creates a virtual adapter that matches the criteria of the VPN group.
The only traffic the firewall allows is inside the VPN tunnel and the basic traffic on the actual
adapter. Attempts by other hotel guests to access the computer over the network, either wired
or wireless, are blocked.
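
The hotel scenario above as a small Python model, added here as an illustration and not McAfee's implementation: rules are evaluated top-down, and an isolating group that is in effect blocks traffic on adapters that do not match its criteria. The port numbers, the 10.8.0.0/24 range, the adapter names and the catch-all rule below the group are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Adapter:
    name: str
    kind: str            # "wired", "wireless" or "virtual"
    dns_suffix: str
    ip: str

@dataclass(frozen=True)
class Group:
    dns_suffix: str
    isolate: bool                   # "Isolate this Connection"
    kind: Optional[str] = None      # None means any connection type
    network: Optional[str] = None   # None means any IP address

    def matches(self, a: Adapter) -> bool:
        return ((self.kind is None or a.kind == self.kind)
                and a.dns_suffix == self.dns_suffix
                and (self.network is None
                     or ip_address(a.ip) in ip_network(self.network)))

# Constructed "basic access" ports (DNS, DHCP); the guide names no ports.
BASIC_PORTS = {53, 67, 68}

def decide(group: Group, active: list, on: Adapter, port: int) -> str:
    """Top-down evaluation: basic rules, then the group, then a catch-all."""
    if port in BASIC_PORTS:                      # rules placed above the group
        return "allow"
    if any(group.matches(a) for a in active):    # some adapter meets the criteria
        if group.matches(on):
            return "allow"   # simplified: the group allows its own adapter's traffic
        if group.isolate:
            return "block"   # isolation: traffic on every other adapter is cut off
    return "allow"           # constructed catch-all rule below the group

# Constructed sample data for the hotel scenario.
HOTEL = Adapter("wifi", "wireless", "hotel.example", "192.0.2.50")
VPN = Adapter("vpn0", "virtual", "vpn.mycompany.com", "10.8.0.12")
VPN_GROUP = Group("vpn.mycompany.com", True, "virtual", "10.8.0.0/24")
```

With the tunnel up, `decide(VPN_GROUP, [HOTEL, VPN], HOTEL, 445)` is blocked while the same call with `isolate=False` falls through to the catch-all, which is the difference the isolation setting makes.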

How the Host IPS catalog works

The Host IPS catalog simplifies firewall rule and group creation by allowing you to reference
existing rules, groups, network addresses, applications, executables, and group location data.
In addition, you can reference executables for applications involved in IPS protection.
When referencing a catalog item, you create a dependent link between it and a firewall rule or
group. This means a change of the item in the catalog changes it wherever it is used. You can
also break the link between the catalog item and a rule or group, to remove the dependency.
The Host IPS Catalog, found in ePolicy Orchestrator under Policy, contains six pages listing
previously placed firewall rule and firewall group items. Items can be created individually in the
catalog, added by linking to ones created in new firewall rules and groups, or imported
from XML-format exports of Firewall Rules policies.
The catalog pages include:
• Group — List of firewall groups and properties
• Rule — List of firewall rules and properties
• Application — List of applications that can be referenced in a firewall group or rule
• Executable — List of executables attached to applications that can be referenced in a firewall
group or rule or in IPS-related applications
• Network — List of IP addresses that can be referenced in a firewall group or rule
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
