1. Manuals
  2. Brands
  3. McAfee Manuals
  4. Software
  5. HISCDE-AB-IA - Host Intrusion Prevention
  6. Product manual

Configuring The Firewall Options Policy - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with epolicy orchestrator 4.5
Hide thumbs
Table of Contents

Advertisement

Configuring Firewall Policies
Enable firewall protection
• Allow only outgoing traffic until the Host IPS service has started — Select to allow
outgoing traffic but no incoming traffic until the Host IPS firewall service has started on the
client.
• Enable IP spoof protection — Select to block network traffic from non-local host IP
addresses or from local processes that attempt to spoof their IP address.
• Send events to ePO for TrustedSource violations — Select to send events to the ePO
server if the TrustedSource block threshold setting for incoming or outgoing traffic is matched.
• Incoming TrustedSource block threshold — Select from the list the TrustedSource
rating at which to block incoming traffic from a network connection. Options include: High
Risk, Medium Risk, Unverified, and Do not block.
• Outgoing TrustedSource block threshold — Select from the list the TrustedSource
rating at which to block outgoing traffic to a network connection. Options include: High
Risk, Medium Risk, Unverified, and Do not block.
Stateful firewall settings
The stateful firewall settings are available:
• FTP protocol inspection — A stateful firewall setting that allows FTP connections to be
tracked so that they require only one firewall rule for outgoing FTP client traffic, and one
for incoming FTP server traffic. If this option is not selected, FTP connections require an
additional rule for incoming FTP client traffic and outgoing FTP server traffic. This should
always be selected.
• TCP connection timeout — The time in seconds a TCP connection that is not established
remains active if no more packets matching the connection are sent or received.
• UDP and ICMP echo virtual connection timeout — The time in seconds a UDP or ICMP
echo virtual connection remains active if no more packets matching the connection are sent
or received. It is reset to its configured value every time a packet that matches the virtual
connection is sent or received.
Policy selections
This policy category contains one preconfigured policy and an editable My Default policy, based
on the McAfee Default policy. You can view and duplicate preconfigured policies, and create,
edit, rename, duplicate, delete, and export custom policies.
The preconfigured policy has these settings:
McAfee Default
Firewall protection is disabled, and these options are selected to be applied when the firewall
is enabled:
• Allow bridged traffic
• Retain client rules
• Enable IP spoof protection
• Use FTP protocol inspection

Configuring the Firewall Options policy

Configure settings in this policy to turn firewall protection on and off or apply adaptive or learn
mode.
McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5
65

Advertisement

Table of Contents
loading

Related Manuals for McAfee HISCDE-AB-IA - Host Intrusion Prevention

Related Content for McAfee HISCDE-AB-IA - Host Intrusion Prevention

This manual is also suitable for:

Host intrusion prevention 8.0

Table of Contents