Define Firewall Protection - McAfee HISCDE-AB-IA - Host Intrusion Prevention Product Manual

Product guide for use with ePolicy Orchestrator 4.5

Configuring Firewall Policies

Define firewall protection

Does it introduce latency? How much?
When TrustedSource is contacted to do a reputation lookup, some latency is inevitable. McAfee
has done everything it can to minimize this.
First, a check of reputations is made only when the options are selected. Second, there is an
intelligent caching architecture. In normal network usage patterns, most desired connections
are resolved by the cache without a live reputation query.
What if the firewall can't reach the TrustedSource servers? Does traffic stop?
If the firewall cannot reach any of the TrustedSource servers, it automatically assigns all
applicable connections a default reputation that is allowed, and analysis of the rules that
follow continues.
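
A simplified model of the lookup order described in the two answers above, added here as an example; it is not McAfee code and does not reflect Host IPS internals. The class and function names, the reputation labels, the choice not to cache the default reputation, and the final block rule are all assumptions.

```python
# Simplified model of the behaviour described above; not McAfee code.
# Names, reputation labels and addresses are constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

ALLOWED, BLOCKED = "allowed", "blocked"

class LookupUnavailable(Exception):
    """Raised by the query function when no reputation server is reachable."""

@dataclass
class ReputationGate:
    query: Callable[[str], str]      # live lookup; may raise LookupUnavailable
    enabled: bool = True             # models "the options are selected"
    cache: Dict[str, str] = field(default_factory=dict)
    live_queries: int = 0
    fail_open: int = 0               # connections given the default reputation

    def reputation(self, ip: str) -> Optional[str]:
        if not self.enabled:
            return None              # no reputation check at all
        if ip in self.cache:
            return self.cache[ip]    # answered without a live query
        self.live_queries += 1
        try:
            rep = self.query(ip)
        except LookupUnavailable:
            self.fail_open += 1      # a counter worth monitoring
            return ALLOWED           # default reputation (assumed: not cached)
        self.cache[ip] = rep
        return rep

def decide(gate: ReputationGate, ip: str, rules) -> str:
    """Reputation first; if it does not block, the rules that follow decide."""
    if gate.reputation(ip) == BLOCKED:
        return "block:reputation"
    for matches, action in rules:
        if matches(ip):
            return action
    return "block:default"           # assumed final rule for this model

def make_query(feed: Dict[str, str], state: Dict[str, bool]):
    """Constructed stand-in for the reputation service, with an outage switch."""
    def query(ip: str) -> str:
        if not state["up"]:
            raise LookupUnavailable(ip)
        return feed.get(ip, ALLOWED)
    return query
```

While the servers are unreachable, destinations not already in the cache are judged only by the rules that follow, so those rules should be written to stand on their own rather than rely on reputation blocking.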
Define firewall protection
Firewall rules determine how a system operates when it intercepts network traffic, permitting
or blocking it. You create and manage firewall rules by applying a Firewall Rules policy and
a Firewall DNS Blocking policy with the appropriate settings.
Firewall Rules policy selections
The Firewall Rules policy category contains two preconfigured policies and an editable My
Default policy, based on the McAfee Default policy. You can view and duplicate the
preconfigured policies, and edit, rename, duplicate, delete, and export editable custom policies.
Table 8: Preconfigured Firewall Rules policies

Policy: Minimal (Default)
Usage: Use this policy for default minimal protection. It does the following:
- Blocks any incoming ICMP traffic that an attacker could use to gather information about your computer. Host IPS allows all other ICMP traffic.
- Allows Windows file sharing requests from computers in the same subnet, and blocks file sharing requests from anyone else (Trusted Networks policy must have Include Local Subnet Automatically selected).
- Allows you to browse Windows domains, workgroups, and computers.
- Allows all high incoming and outgoing UDP traffic.
- Allows traffic that uses BOOTP, DNS, and Net Time UDP ports.

Policy: Typical Corporate Environment
Usage: Use this policy as a starting point and combine with the results from applying the adaptive mode to learn and verify any additional rules. This policy should generate fewer learned client rules in adaptive mode as compared to existing default firewall policies. The policy is full-featured and meets the needs for most organizational firewalls.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5