Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Configuring Firewall Policies
Working with Firewall Options policies
When you configure the Quarantine Options policy, you specify a list of protected IP addresses
and subnets. Any user assigned one of these addresses is quarantined by Host Intrusion
Prevention upon returning to the network.
When the Quarantine Options policy is applied to a client, Host Intrusion Prevention uses the
ePolicy Orchestrator agent to determine if the client has the most recent policies and files. This
involves checking if all ePolicy Orchestrator tasks have run properly.
If the system is up-to-date, Host Intrusion Prevention immediately releases the client from
quarantine.
If one or more ePolicy Orchestrator tasks have not run, however, the system is not up-to-date
and Host Intrusion Prevention does not automatically release the quarantine. The client system
could remain quarantined for a few minutes while the ePolicy Orchestrator agent updates policies
and files. Host Intrusion Prevention can continue or stop the quarantine as determined by
settings in the Quarantine Options policy. If you configure Host Intrusion Prevention to continue
enforcing the quarantine, clients could remain quarantined for a prolonged period.
In addition, the Quarantine Options policy allows you to select startup protection, so that when a
client starts, it is quarantined and network access is blocked until a Firewall Rules
policy can be applied.
NOTE: Quarantine mode requires that the firewall be enabled. Even if quarantine mode is enabled,
the quarantine does not take effect unless the firewall is also enabled.
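
The quarantine decision flow described above can be modeled as follows. This is an added example, not code from the product or from this guide; the field names, state names and sample addresses are constructed for illustration.

```python
# Added illustration: a model of the documented decision flow, not McAfee code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class QuarantinePolicy:
    # Hypothetical field names standing in for Quarantine Options settings.
    enabled: bool                   # quarantine mode switched on
    protected: list                 # protected IP addresses and subnets
    continue_if_not_current: bool   # keep enforcing when ePO tasks have not run


def is_protected(client_ip, protected):
    """True if client_ip equals a listed address or falls inside a listed subnet."""
    addr = ip_address(client_ip)
    # A bare address parses as a single-host network, so one test covers both
    # kinds of entry. Mixed IPv4/IPv6 comparisons simply evaluate to False.
    return any(addr in ip_network(entry, strict=False) for entry in protected)


def quarantine_state(client_ip, policy, firewall_enabled, tasks_current):
    """Return the state a client ends up in under the documented rules."""
    # NOTE in the guide: quarantine has no effect unless the firewall is enabled.
    if not (policy.enabled and firewall_enabled):
        return "not-enforced"
    if not is_protected(client_ip, policy.protected):
        return "not-quarantined"
    # Up-to-date clients are released immediately.
    if tasks_current:
        return "released"
    # Tasks have not run: the policy setting decides whether to keep enforcing.
    return "quarantined" if policy.continue_if_not_current else "released-by-policy"


# Constructed sample policy: one subnet and one single address.
SAMPLE = QuarantinePolicy(True, ["10.20.0.0/16", "192.168.5.17"], True)

if __name__ == "__main__":
    for ip, fw, current in [("10.20.3.4", True, True), ("10.20.3.4", True, False),
                            ("10.20.3.4", False, False), ("172.16.0.1", True, False)]:
        print(ip, fw, current, quarantine_state(ip, SAMPLE, fw, current))
```
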
Working with Firewall Options policies
The Firewall Options policy turns the firewall on and off and allows you to apply adaptive or
learn mode to create new firewall rules.
This policy category contains four preconfigured policies and an editable My Default policy.
You can view and duplicate preconfigured policies; you can create, edit, rename, duplicate,
delete, and export custom policies.
Preconfigured policies include:
Off (McAfee Default)
• All settings are disabled
On
• Enable Firewall
• Enable regular protection
• Retain client rules
Adaptive
• Enable Firewall
• Enable Adaptive mode
• Retain client rules
Learn
• Enable Firewall
• Enable Learn mode, Incoming and Outgoing
• Retain client rules
On the Policy Catalog policy list page, click New Policy to create a new custom policy; click
Duplicate under Actions to create a new custom policy based on an existing policy.
McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0