McAfee HISCDE-AB-IA Product Guide - Page 67
Define firewall protection, Does it introduce latency? How much?
View all McAfee HISCDE-AB-IA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 67 highlights
Configuring Firewall Policies Define firewall protection Does it introduce latency? How much? When TrustedSource is contacted to do a reputation lookup, some latency is inevitable. McAfee has done everything it can to minimize this. First, a check of reputations is made only when the options are selected. Second, there is an intelligent caching architecture. In normal network usage patterns, most desired connections are resolved by the cache without a live reputation query. What if the firewall can't reach the TrustedSource servers? Does traffic stop? If the firewall cannot reach any of the TrustedSource servers, it automatically assigns all applicable connections a default reputation that is allowed and an analysis of the rules that follow continues. Define firewall protection Firewall rules determine how a system operates when it intercepts network traffic, permitting or blocking it. You create and manage firewall rules by applying a Firewall Rules policy and a Firewall DNS Blocking policy with the appropriate settings. Firewall Rules policy selections The Firewall Rules policy category contains two preconfigured policies and an editable My Default policy, based on the McAfee Default policy. You can view and duplicate the preconfigured policy, and edit, rename, duplicate, delete, and export editable custom policies. Table 8: Preconfigured Firewall Rules policies Policy Usage Minimal (Default) Use this policy for default minimal protection. lt does the following: • Blocks any incoming ICMP traffic that an attacker could use to gather information about your computer. Host IPS allows all other ICMP traffic. • Allows Windows file sharing requests from computers in the same subnet, and blocks file sharing requests from anyone else (Trusted Networks policy must have Include Local Subnet Automatically selected). • Allows you to browse Windows domains, workgroups, and computers. • Allows all high incoming and outgoing UDP traffic. • Allows traffic that uses BOOTP, DNS, and Net Time UDP ports. Typical Corporate Environment Use this policy as a starting point and combine with the results from applying the adaptive mode to learn and verify any additional rules. This policy should generate fewer learned client rules in adaptive mode as compared to existing default firewall policies. The policy is full-featured and meets the needs for most organizational firewalls. McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5 67