Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Configuring Firewall Policies
Overview of Firewall policies

Host Intrusion Prevention also supports a type of rule group that does affect how rules are handled. These groups are called connection-aware groups. Rules within connection-aware groups are processed only when certain criteria are met.

Connection-aware groups let you manage rules that apply only when you connect to a network using a wired connection, a wireless connection, or a non-specific connection with particular parameters. In addition, these groups are network adapter-aware, so that computers with multiple network interfaces can have adapter-specific rules applied. Parameters for allowed connections can include any or all of the following for each network adapter:

• IP address
• DNS suffix
• Gateway IP
• DHCP IP
• DNS server queried to resolve URLs
• WINS server used

If two connection-aware groups apply to a connection, Host Intrusion Prevention uses normal precedence and processes the first applicable connection-aware group in its rule list. If no rule in the first connection-aware group matches, rule processing continues and may match a rule in the next group.

When Host Intrusion Prevention matches a connection-aware group's parameters to an active connection, it applies the rules within the connection group. It treats the rules as a small rule set and uses normal precedence. If some rules do not match the intercepted traffic, the firewall ignores them.

A connection is allowed when all of the following conditions apply to a network adapter:

• If Connection type is LAN,
  or if Connection type is Wireless,
  or if Connection type is Any and the DNS suffix list or the IP Address List is populated.
• If IP Address List is selected, the IP address of the adapter must match one of the list entries.
• If DNS Suffix is selected, the DNS suffix of the adapter must match one of the list entries.
• If Default Gateway is selected, the default adapter Gateway IP must match at least one of the list entries.
• If DHCP Server is selected, the adapter DHCP server IP must match at least one of the list entries.
• If DNS Server List is selected, the adapter DNS server IP address must match any of the list entries.
• If Primary WINS Server is selected, the adapter primary WINS server IP address must match at least one of the list entries.
• If Secondary WINS Server is selected, the adapter secondary WINS server IP address must match at least one of the list entries.
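
The matching and precedence behavior described above, modeled as an added Python example; it is not McAfee code and not part of the product guide. The class, field and group names and the sample policy are assumptions, rules are reduced to an action and a port, and list entries are compared as exact strings.

```python
from dataclasses import dataclass, field

@dataclass
class Adapter:                      # constructed model of one adapter's settings
    conn_type: str                  # "LAN" or "Wireless"
    ip: str
    dns_suffix: str = ""
    gateway: str = ""
    dhcp: str = ""
    dns_servers: tuple = ()
    wins_primary: str = ""
    wins_secondary: str = ""

@dataclass
class Group:                        # hypothetical connection-aware group
    name: str
    conn_type: str                  # "LAN", "Wireless" or "Any"
    criteria: dict = field(default_factory=dict)  # Adapter field -> allowed values
    rules: list = field(default_factory=list)     # (action, port) in precedence order

def group_applies(group, adapter):
    c = group.criteria
    if group.conn_type == "Any":    # needs a populated DNS suffix or IP address list
        if not (c.get("dns_suffix") or c.get("ip")):
            return False
    elif group.conn_type != adapter.conn_type:
        return False
    for name, allowed in c.items():  # only the selected criteria are checked
        actual = getattr(adapter, name)
        values = actual if isinstance(actual, tuple) else (actual,)
        if not any(v in allowed for v in values):
            return False
    return True

def evaluate(groups, adapter, port):
    for group in groups:  # list order; falls through to the next group if no rule matches
        if not group_applies(group, adapter):
            continue
        for action, rule_port in group.rules:
            if rule_port == port:
                return group.name, action
    return None, "no-match"

GROUPS = [  # constructed sample policy
    Group("corp-lan", "LAN", {"dns_suffix": ["corp.example"], "gateway": ["10.0.0.1"]}, [("allow", 445)]),
    Group("corp-any", "Any", {"dns_suffix": ["corp.example"]}, [("allow", 3389), ("block", 445)]),
    Group("any-no-lists", "Any", {"gateway": ["10.0.0.1"]}, [("allow", 22)]),
]
OFFICE = Adapter("LAN", "10.0.0.25", "corp.example", "10.0.0.1")          # constructed
OTHER = Adapter("Wireless", "192.168.1.7", "corp.example", "192.168.1.1")  # constructed
```

With this sample policy, the `OTHER` adapter shares the DNS suffix but not the connection type or gateway, so `corp-lan` never activates for it and port 445 falls through to the `block` rule in `corp-any`. Selecting the gateway in addition to the suffix is what keeps the more permissive group from applying on that network.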

McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0