McAfee HISCDE-AB-IA Product Guide - Page 65
Configuring the Firewall Options policy, Medium Risk
Page 65 highlights
Configuring Firewall Policies

Enable firewall protection

• Allow only outgoing traffic until the Host IPS service has started - Select to allow outgoing traffic but no incoming traffic until the Host IPS firewall service has started on the client.
• Enable IP spoof protection - Select to block network traffic from non-local host IP addresses or from local processes that attempt to spoof their IP address.
• Send events to ePO for TrustedSource violations - Select to send events to the ePO server if the TrustedSource block threshold setting for incoming or outgoing traffic is matched.
• Incoming TrustedSource block threshold - Select from the list the TrustedSource rating at which to block incoming traffic from a network connection. Options include: High Risk, Medium Risk, Unverified, and Do not block.
• Outgoing TrustedSource block threshold - Select from the list the TrustedSource rating at which to block outgoing traffic to a network connection. Options include: High Risk, Medium Risk, Unverified, and Do not block.

Stateful firewall settings

The stateful firewall settings are available:

• FTP protocol inspection - A stateful firewall setting that allows FTP connections to be tracked so that they require only one firewall rule for outgoing FTP client traffic, and one for incoming FTP server traffic. If this option is not selected, FTP connections require an additional rule for incoming FTP client traffic and outgoing FTP server traffic. This should always be selected.
• TCP connection timeout - The time in seconds a TCP connection that is not established remains active if no more packets matching the connection are sent or received.
• UDP and ICMP echo virtual connection timeout - The time in seconds a UDP or ICMP echo virtual connection remains active if no more packets matching the connection are sent or received. It is reset to its configured value every time a packet that matches the virtual connection is sent or received.
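A small model of the two timeout settings described above, added here as an illustration (it is not McAfee code and not part of the product guide). The timeout values, the flow tuples, and the choice to apply no idle timer to established TCP entries are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    proto: str
    established: bool
    deadline: Optional[float]  # None: no idle timer in this model

class StateTable:
    """Tracks flows and expires them after an idle timeout."""

    def __init__(self, tcp_timeout, udp_icmp_timeout):
        self.timeouts = {"tcp": tcp_timeout,
                         "udp": udp_icmp_timeout,
                         "icmp-echo": udp_icmp_timeout}
        self.entries = {}

    def _deadline(self, proto, established, now):
        # The TCP timeout applies only to connections that are not established.
        if proto == "tcp" and established:
            return None
        return now + self.timeouts[proto]

    def expire(self, now):
        dead = [k for k, e in self.entries.items()
                if e.deadline is not None and now >= e.deadline]
        for k in dead:
            del self.entries[k]
        return dead

    def packet(self, key, proto, now, established=False):
        """Record a matching packet; every match resets the timer."""
        self.expire(now)
        state = "refreshed" if key in self.entries else "new"
        self.entries[key] = Entry(proto, established,
                                  self._deadline(proto, established, now))
        return state

def demo():
    # Constructed sample traffic: (flow, protocol, time in seconds).
    table = StateTable(tcp_timeout=30, udp_icmp_timeout=10)
    dns = ("udp", "10.0.0.5", 53000, "192.0.2.53", 53)
    syn = ("tcp", "10.0.0.5", 40000, "192.0.2.80", 80)
    trace = [(dns, "udp", 0), (syn, "tcp", 1), (dns, "udp", 8),
             (dns, "udp", 17), (dns, "udp", 27), (syn, "tcp", 31)]
    return [table.packet(k, p, t) for k, p, t in trace]
```

In the trace, the UDP flow survives as long as packets arrive within 10 seconds of each other and is treated as a new virtual connection after a 10-second gap; the TCP flow that never completes its handshake is dropped after 30 idle seconds.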
Policy selections

This policy category contains one preconfigured policy and an editable My Default policy, based on the McAfee Default policy. You can view and duplicate preconfigured policies, and create, edit, rename, duplicate, delete, and export custom policies.

The preconfigured policy has these settings:

McAfee Default

Firewall protection is disabled, and these options are selected to be applied when the firewall is enabled:

• Allow bridged traffic
• Retain client rules
• Enable IP spoof protection
• Use FTP protocol inspection

Configuring the Firewall Options policy

Configure settings in this policy to turn firewall protection on and off or apply adaptive or learn mode.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 65