Firewall Stateful Packet Filtering And Inspection - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Configuring Firewall Policies
Overview of Firewall policies
• Location — List of location-specific information for firewall groups
Table 7: Host IPS Catalog as source for items

| Feature | Policy | Policy item | Catalog item | Dependency |
|---|---|---|---|---|
| Firewall | Firewall Rules | Firewall Rule | Rule | Yes |
| Firewall | Firewall Rules | Firewall Group | Group | Yes |
| Firewall | Firewall Rules | Firewall Group Location | Location | Yes |
| Firewall | Firewall Rules | Firewall Rule/Group | Network | Yes |
| Firewall | Firewall Rules | Firewall Rule/Group | Application | Yes |
| Firewall | Firewall Rules | Firewall Rule/Group Application | Executable | Yes |
| IPS | IPS Rules | Application Protection Rule | Executable | No |
| General | Trusted Applications | Trusted Application | Executable | No |

Catalog filters
Each catalog page contains a filter to search for items in the list on the page. Click Hide/Show
Filter Options to hide or show the filter, click Set Filter to filter with the criteria entered, and
click Clear to reset the filter.
Copying from the catalog
When using the Firewall Rule Builder or Firewall Group Builder, click the Add from Catalog
button to add the appropriate item from the catalog. This creates a dependent link between
the items, which can be broken when required.
Adding to the catalog
You add to the catalog in one of three ways:
• Click New in the catalog page, enter the information, and save the item.
• Click Add to Catalog next to the item when creating or editing rules or groups using the
Firewall Rule Builder or Firewall Group Builder.
• Click Import to add previously exported Host IPS Catalog data in .xml format.
NOTE:
Policy Catalog exports in .xml format are not compatible with the Host IPS Catalog
.xml format. This means you cannot export a Firewall Rules policy from the Policy Catalog
and import it into the Host IPS Catalog to populate it with firewall rules data from the policy.
To get firewall policy data into the Host IPS Catalog, use the Add to Catalog links.

Firewall stateful packet filtering and inspection

The firewall in Host Intrusion Prevention provides both stateful packet filtering and stateful
packet inspection.
Stateful packet filtering is the stateful tracking of TCP/UDP/ICMP protocol information at Transport
Layer 4 and lower of the OSI network stack. Each packet is examined, and if the inspected
packet matches an existing firewall allow rule, the packet is allowed and an entry is made in a
state table. The state table dynamically tracks connections previously matched against a static
rule set, and reflects the current connection state of the TCP/UDP/ICMP protocols. If an inspected
packet matches an existing entry in the state table, the packet is allowed without further scrutiny.
When a connection is closed or times out, its entry is removed from the state table.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
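The state-table behaviour described under "Firewall stateful packet filtering and inspection", as an added example that is not taken from the McAfee guide or from Host IPS itself: a small Python model showing why a reply is blocked before the outbound packet matches an allow rule, allowed from the state table afterwards, and blocked again once the entry times out. The names `Packet`, `StatefulFilter` and `demo`, the 30-second idle timeout, the default block verdict, treating a TCP RST as the close event, and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"}

class StatefulFilter:
    """Hypothetical model of a state table; not Host IPS code."""
    def __init__(self, allow_rules, idle_timeout=30.0, clock=time.monotonic):
        self.allow_rules = set(allow_rules)   # static rules: (proto, dst, dport)
        self.idle_timeout, self.clock = idle_timeout, clock  # timeout is assumed
        self.state = {}                       # connection key -> last-seen time

    @staticmethod
    def _key(p):
        # Sort the endpoints so a reply maps to the entry its request created.
        return (p.proto, *sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def check(self, p):
        now = self.clock()
        # Timed-out connections leave the state table.
        self.state = {k: t for k, t in self.state.items() if now - t <= self.idle_timeout}
        key = self._key(p)
        if key in self.state:
            if p.proto == "tcp" and "RST" in p.flags:
                del self.state[key]           # closed (FIN handshake tracking omitted)
            else:
                self.state[key] = now
            return "allow (state table)"      # no rule evaluation on this path
        if (p.proto, p.dst, p.dport) in self.allow_rules:
            self.state[key] = now             # first rule match creates the entry
            return "allow (rule)"
        return "block"                        # assumption: no match means block

def demo():
    """Run constructed sample packets through the filter with a fake clock."""
    now = [0.0]
    fw = StatefulFilter({("tcp", "203.0.113.10", 443)}, clock=lambda: now[0])
    syn = Packet("tcp", "192.0.2.5", 50000, "203.0.113.10", 443, frozenset({"SYN"}))
    reply = Packet("tcp", "203.0.113.10", 443, "192.0.2.5", 50000, frozenset({"SYN", "ACK"}))
    verdicts = [fw.check(reply), fw.check(syn), fw.check(reply)]
    now[0] = 31.0                             # idle longer than the timeout
    verdicts.append(fw.check(reply))
    return verdicts
```
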


This manual is also suitable for:

Host intrusion prevention 8.0
