Managing Policy Enforcement Scripts - McAfee SG310 Administration Manual

Firewall menu options
Access control
7. [Optional] Select a service to block from the Blocked Services list.
8. Click Submit.

Editing a security policy group
1. From the Firewall menu, click Access Control > Policy tab. The Policy Enforcement page appears.
2. In the Security Group pane, click the edit icon for the security group you want to edit.
3. The Modify Security Policy Group page appears. Make your changes and click Finish.

Deleting a security policy group
1. From the Firewall menu, click Access Control > Policy tab. The Policy Enforcement page appears.
2. In the Security Group pane, click the delete icon for the security group you want to delete.

Managing policy enforcement scripts

In addition to enforcing the services aspect of security groups, it is possible to include a number of NASL scripts in the /etc/config directory on the appliance and to define some or all of these to be run against the target hosts. Typically, one would use attack scripts from the Nessus suite to scan for specific vulnerabilities and exploits on a host. If any script detects such a vulnerability, Internet access is again blocked. The list of available scripts is automatically populated from the files ending with .nasl in the /etc/config directory.

Security groups may overlap with respect to hosts within them. In this case, a single allow of a service overrides any number of denies of that same service.

Caution: NASL scripts and overlapping groups do not interoperate particularly well and should be avoided.

Use the Script Management tab for management and testing of installed NASL scripts. By default, newly uploaded scripts appear but are not available for use with a policy enforcement group until each is either manually enabled or fully validated.
Prerequisites:
• Enable and configure policy enforcement. See Enabling security policy enforcement.
• Create policy security groups for your organization. See Creating a security policy group.
• Upload the NASL scripts you want to test. See Uploading a NASL script.

Testing an uploaded NASL script
1. From the Firewall menu, click Access Control > Script Management tab. The Manage Scripts page appears (Figure 217).

Figure 217 Script Management tab

To validate a script for use within policy enforcement it is advisable to execute the script against both a host vulnerable to and a host invulnerable to the security vulnerability for which you are checking. The table of scripts provides two testing buttons for this purpose. The table also contains two checkboxes indicating whether the two tests have been successfully executed for each script.

McAfee UTM Firewall 4.0.4 Administration Guide 215
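To make the decision rules stated in this section concrete, the following Python model is an added example (not McAfee code and not anything shipped on the appliance). It encodes the rules as the page gives them: the script list is drawn only from files ending in .nasl, a newly uploaded script becomes usable by a policy group only once it is manually enabled or has passed both the vulnerable-host and invulnerable-host tests, a single allow of a service overrides any number of denies across overlapping groups, and a positive result from any usable script blocks the host's Internet access. The group names, host addresses, script file names and scan results are constructed placeholders, and the `None` result for a service no group mentions stands in for whatever default the appliance applies.

```python
"""Model of the policy-enforcement decision logic described in the manual.
Added example, not McAfee code.  All names, addresses and results below are
constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class NaslScript:
    name: str                          # file name ending in .nasl
    enabled: bool = False              # manually enabled by the administrator
    tested_vulnerable: bool = False    # test against a vulnerable host succeeded
    tested_invulnerable: bool = False  # test against an invulnerable host succeeded

    def available(self) -> bool:
        """Usable by a policy group once manually enabled or fully validated
        (both test checkboxes ticked), as the page describes."""
        return self.enabled or (self.tested_vulnerable and self.tested_invulnerable)


@dataclass
class SecurityGroup:
    name: str
    hosts: set                                  # hosts the group applies to
    allowed: set = field(default_factory=set)   # services explicitly allowed
    blocked: set = field(default_factory=set)   # services explicitly blocked
    scripts: list = field(default_factory=list)  # NaslScript objects to run


def list_scripts(filenames):
    """The script list is populated only from files ending in .nasl."""
    return sorted(f for f in filenames if f.endswith(".nasl"))


def service_allowed(host, service, groups):
    """Overlapping groups: a single allow overrides any number of denies.
    Returns True/False when some group decides, None when no group mentions
    the service for this host (appliance default applies; assumption)."""
    relevant = [g for g in groups if host in g.hosts]
    if any(service in g.allowed for g in relevant):
        return True
    if any(service in g.blocked for g in relevant):
        return False
    return None


def internet_blocked(host, groups, scan_results):
    """Internet access is blocked if any usable script of any group covering
    the host reported the vulnerability.  scan_results maps
    (host, script_name) -> bool, a constructed stand-in for real scan output."""
    for g in groups:
        if host not in g.hosts:
            continue
        for s in g.scripts:
            if s.available() and scan_results.get((host, s.name), False):
                return True
    return False


if __name__ == "__main__":
    validated = NaslScript("check_a.nasl", tested_vulnerable=True, tested_invulnerable=True)
    untested = NaslScript("check_b.nasl", tested_vulnerable=True)  # only half validated
    sales = SecurityGroup("sales", {"10.0.0.5"}, blocked={"ftp"}, scripts=[validated, untested])
    admins = SecurityGroup("admins", {"10.0.0.5", "10.0.0.6"}, allowed={"ftp"})
    print(list_scripts(["check_a.nasl", "notes.txt", "check_b.nasl"]))
    print(service_allowed("10.0.0.5", "ftp", [sales, admins]))  # allow wins over deny
    print(internet_blocked("10.0.0.5", [sales, admins],
                           {("10.0.0.5", "check_b.nasl"): True}))  # unvalidated script ignored
```

The `untested` script in the demo shows the validation rule in action: a hit from a script that has passed only one of the two tests does not block access, which is why the page recommends running each script against both a vulnerable and an invulnerable host before relying on it.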

This manual is also suitable for: SG560, SG560U, SG565, SG580