McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual page 61

Product guide for use with ePolicy Orchestrator 4.5

Configuring Firewall Policies
Overview of Firewall policies
The filtering process includes the following:
1. The firewall compares an incoming packet against entries in the state table. If the packet
   matches any entry in the table, the packet is immediately allowed. If not, the configurable
   firewall rules list is examined.
   NOTE: A state table entry is considered a match if the Protocol, Local Address, Local Port,
   Remote Address and Remote Port match those of the packet.
2. If the packet matches an allow rule, it is allowed and an entry is created in the state table.
3. If the packet matches a block rule, it is blocked.
4. If the packet does not match any configurable rule, it is blocked.
Figure 3: Stateful filtering process
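The four filtering steps above, as an added Python sketch that is not McAfee's code. The class and field names are hypothetical, rules are assumed to be evaluated top-down with the first match winning, and the packets are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """The five fields a state table entry is matched on."""
    protocol: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule shape; None means 'any'."""
    action: str                      # "allow" or "block"
    protocol: str
    local_port: Optional[int] = None
    remote_addr: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (self.protocol == p.protocol
                and self.local_port in (None, p.local_port)
                and self.remote_addr in (None, p.remote_addr))

class StatefulFilter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.state_table = set()     # one entry per allowed 5-tuple

    def filter(self, pkt: Packet) -> str:
        if pkt in self.state_table:              # step 1: all five fields match
            return "allowed: state table"
        for rule in self.rules:                  # assumption: first match wins
            if rule.matches(pkt):
                if rule.action == "allow":       # step 2: allow and record state
                    self.state_table.add(pkt)
                    return "allowed: rule"
                return "blocked: rule"           # step 3
        return "blocked: no matching rule"       # step 4: default block

def demo():
    fw = StatefulFilter([Rule("block", "TCP", local_port=23),
                         Rule("allow", "TCP", local_port=443)])
    web = Packet("TCP", "192.0.2.10", 443, "198.51.100.7", 50000)
    other_port = Packet("TCP", "192.0.2.10", 443, "198.51.100.7", 50001)
    telnet = Packet("TCP", "192.0.2.10", 23, "198.51.100.7", 50002)
    dns = Packet("UDP", "192.0.2.10", 53, "198.51.100.7", 50003)
    return [fw.filter(p) for p in (web, web, other_port, telnet, dns)]
```

The third packet differs from the first only in its remote port, so it misses the state table and is evaluated against the rules list again.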
How stateful packet inspection works
Stateful packet inspection combines stateful filtering with access to application-level commands,
which secures protocols such as FTP.
FTP involves two connections: control for commands and data for the information. When a
client connects to an FTP server, the control channel is established, arriving on FTP destination
port 21, and an entry is made in the state table. If the option for FTP inspection has been set
with the Firewall Options policy, when the firewall encounters a connection opened on port 21,
it knows to perform stateful packet inspection on the packets coming through the FTP control
channel.
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5