Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Configuring Firewall Policies Overview of Firewall policies Connection isolation in connection-aware groups The connection isolation option in Connection-Aware Groups (CAG) prevents undesirable traffic from accessing a designated network through other active network interfaces on a computer, such as a wireless adapter connecting to a wi-fi hotspot while a wired adapter is connected to a LAN. When the Isolate this connection option is selected for a CAG, and an active Network Interface Card (NIC) matches the CAG criteria, the only types of traffic processed are traffic matching allow rules above the CAG in the firewall rules list, and traffic matching the CAG criteria. All other traffic is blocked. The process of connection isolation with Connection-Aware Groups begins when the firewall processes traffic against its list of rules until a Connection-Aware Group (CAG) is encountered. At the CAG: • If the traffic through a NIC matches the CAG’s criteria, the firewall evaluates the CAG’s rules for a match. • If the traffic through a NIC does not match the CAG’s criteria, and the connection isolation option is not enabled, the firewall skips the CAG and continues analyzing against the rules that follow the CAG. 52 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Configuring Firewall Policies Overview of Firewall policies • If the traffic through a NIC does not match the CAG criteria, and the connection isolation option is enabled, the traffic is blocked. Figure 18: Network connection isolation As examples of using the connection isolation option, consider two settings: a corporate environment and a hotel. The active firewall rules list contains rules and groups in this order: 1 Rules for basic connection 2 VPN connection rules 3 CAG with corporate LAN connection rules 4 CAG with VPN connection rules. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 53
Page 1 and 2: McAfee Host Intrusion Prevention 7.
Page 3 and 4: Contents Introducing Host Intrusion
Page 5 and 6: Contents Creating firewall rule gro
Page 7 and 8: Introducing Host Intrusion Preventi
Page 13 and 14: Managing Your Protection Management
Page 25 and 26: Configuring IPS Policies Overview o
Page 27 and 28: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 51: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 69 and 70: Configuring Application Blocking Po
Page 77 and 78: Configuring General Policies Workin
Page 87 and 88: Working with Host Intrusion Prevent
Page 103 and 104:
Working with Host Intrusion Prevent
Page 105 and 106:
Working with Host Intrusion Prevent
Page 107 and 108:
Index clients (continued) updating
Page 109 and 110:
Index McAfee Default policy (contin
Page 111 and 112:
Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

Create successful ePaper yourself

Delete template?

Save as template?