Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Configuring Firewall Policies
Overview of Firewall policies

Connection isolation in connection-aware groups

The connection isolation option in Connection-Aware Groups (CAG) prevents undesirable traffic from accessing a designated network through other active network interfaces on a computer, such as a wireless adapter connecting to a wi-fi hotspot while a wired adapter is connected to a LAN. When the Isolate this connection option is selected for a CAG, and an active Network Interface Card (NIC) matches the CAG criteria, the only types of traffic processed are traffic matching allow rules above the CAG in the firewall rules list, and traffic matching the CAG criteria. All other traffic is blocked.

The process of connection isolation with Connection-Aware Groups begins when the firewall processes traffic against its list of rules until a Connection-Aware Group (CAG) is encountered. At the CAG:

• If the traffic through a NIC matches the CAG’s criteria, the firewall evaluates the CAG’s rules for a match.
• If the traffic through a NIC does not match the CAG’s criteria, and the connection isolation option is not enabled, the firewall skips the CAG and continues analyzing against the rules that follow the CAG.
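
The rule-list walk described above, modeled as an added example that is not part of the product guide or the product's own code. The `Rule` and `CAG` classes, the port-only and IP-network match criteria, the sample addresses, and the two behaviours marked as assumptions in the comments are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str   # "allow" or "block"
    port: int     # constructed match criterion: destination port

@dataclass
class CAG:
    network: str  # constructed criterion: NIC address lies in this network
    isolate: bool # the "Isolate this connection" option
    rules: list

    def nic_matches(self, nic_ip):
        return ip_address(nic_ip) in ip_network(self.network)

def evaluate(rule_list, active_nics, pkt_nic, port):
    """Walk the rule list top-down for traffic to `port` through `pkt_nic`."""
    for entry in rule_list:
        if isinstance(entry, Rule):
            if entry.port == port:
                return entry.action, "rule"
        elif entry.nic_matches(pkt_nic):
            # Traffic matches the CAG criteria: evaluate the CAG's own rules.
            for rule in entry.rules:
                if rule.port == port:
                    return rule.action, "cag-rule"
            # Assumption: with no match inside the CAG, keep walking the list.
        elif entry.isolate and any(entry.nic_matches(n) for n in active_nics):
            # Isolation on and an active NIC matches: all other traffic stops here.
            return "block", "isolated"
        # Otherwise the CAG is skipped and the rules after it are analyzed.
    return "block", "default"  # assumption: nothing matched, so block

def sample_policy(isolate):
    # Constructed policy: DNS allowed above the CAG, HTTPS inside it, HTTP below.
    lan = CAG("10.0.0.0/8", isolate, [Rule("allow", 443)])
    return [Rule("allow", 53), lan, Rule("allow", 80)]

if __name__ == "__main__":
    wired, wifi = "10.1.2.3", "192.168.1.50"   # constructed NIC addresses
    for isolate in (False, True):
        for nic, port in ((wifi, 53), (wired, 443), (wifi, 80)):
            print(isolate, nic, port, evaluate(sample_policy(isolate), [wired, wifi], nic, port))
```

With isolation enabled, the port 80 rule below the CAG is never reached for Wi-Fi traffic while the wired NIC is active; once the wired NIC is no longer active, the same traffic is evaluated against that rule again.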