McAfee SG310 Administration Manual page 214


Firewall menu options
Access control
• Default: 1800
6. Click Submit.

Disabling security policy enforcement
1. From the Firewall menu, click Access Control > Policy tab. The Policy Enforcement page appears.
2. Clear the Enable Policy Enforcement checkbox.
3. Click Submit.

Creating a security policy group
Use this procedure to create a security policy enforcement group. A selection of different hosts can be
defined along with allowed and disallowed services. The security policy enforcement feature of access
control periodically scans for policy adherence.
The actual definition of these policy groups is very flexible. In particular, hosts are allowed to be present in
multiple security policy groups. If this is the case, an allowed service in any of the groups overrides a
denied service in all the other groups to which the host belongs. Also, if additional security scripts are
specified, then all such scripts will be run against the target host once each and any single failure denies
access.
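
The overlap rules in the paragraph above, modeled as an added Python example (not code from the manual or the product) so the effect of a host sitting in several groups can be checked before it is configured. The group names, addresses, service names and script names are constructed, and two assumptions are made: a host found running an effectively denied service is non-compliant, and a missing script result counts as a failure.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyGroup:
    name: str
    hosts: set
    allowed: set = field(default_factory=set)    # services the hosts may run
    denied: set = field(default_factory=set)     # services the hosts must not run
    scripts: list = field(default_factory=list)  # additional NASL script names

def effective_policy(host, groups):
    """Merge every group the host belongs to, following the manual's rules."""
    mine = [g for g in groups if host in g.hosts]
    allowed = set().union(*(g.allowed for g in mine))
    all_denied = set().union(*(g.denied for g in mine))
    denied = all_denied - allowed                # an allow in any group wins
    scripts = list(dict.fromkeys(s for g in mine for s in g.scripts))  # once each
    # Which group(s) silently cancelled a deny set elsewhere: the audit trail.
    overridden = {s: [g.name for g in mine if s in g.allowed]
                  for s in all_denied & allowed}
    return allowed, denied, scripts, overridden

def evaluate(host, groups, running, script_results):
    """Return (access_granted, reasons) for one scan of one host.
    Assumption: any denied service found, or any failed script, denies access."""
    _, denied, scripts, _ = effective_policy(host, groups)
    reasons = [f"denied service running: {s}" for s in sorted(running & denied)]
    reasons += [f"script failed: {s}" for s in scripts
                if not script_results.get(s, False)]  # missing result = failure
    return (not reasons, reasons)

# Constructed sample: 10.0.0.5 is in both groups, 10.0.0.6 only in "servers".
GROUPS = [
    PolicyGroup("servers", {"10.0.0.5", "10.0.0.6"}, denied={"telnet", "ftp"},
                scripts=["ssh_weak_ciphers.nasl"]),
    PolicyGroup("legacy-transfer", {"10.0.0.5"}, allowed={"ftp"},
                scripts=["ssh_weak_ciphers.nasl", "anon_ftp.nasl"]),
]

if __name__ == "__main__":
    for h in ("10.0.0.5", "10.0.0.6"):
        print(h, "overridden denies:", effective_policy(h, GROUPS)[3])
        print(h, evaluate(h, GROUPS, {"ftp"},
                          {"ssh_weak_ciphers.nasl": True, "anon_ftp.nasl": True}))
```

The `overridden` map is the part worth reviewing: it lists every deny that a second group membership has cancelled for that host.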
Prerequisites:
• Define addresses and services groups. See Addresses page and Creating a service group.
• Enable policy enforcement. See Enabling security policy enforcement.
• Upload and test NASL scripts (optional). See Uploading a NASL script and Managing policy enforcement scripts.

To create a security policy group:
1. From the Firewall menu, click Access Control > Policy tab. The Policy Enforcement page appears.
2. To configure a Security Group, click New. The Modify Security Policy Group page appears (Figure 216).

Figure 216 Policy tab — Modify Security Policy Group

3. Enter a name for the policy group in the Name field. The Name field must be unique across all security policy groups. The name can be 1 or more characters of any type.
4. [Optional] Enter a description in the Description field.
5. Select the host from the Scanned Host list. The entries available in the list are defined in the Addresses page. For information, see Addresses page.
6. [Optional] Select a service group from the Allowed Services list. The service group specifies the services which the hosts in this group are allowed to run. These services are not scanned for during the security policy scans of the included hosts. The entries available in the list are defined in the Service Groups page. For information, see Service Groups page.

McAfee UTM Firewall 4.0.4 Administration Guide


This manual is also suitable for: SG560, SG560U, SG565, SG580