McAfee HISCDE-AB-IA Product Guide - Page 70

Configuring Firewall Policies
Define firewall protection

4. Create new rules within this group, or move existing rules into it from the firewall rule list or the Host IPS catalog.

Creating connection isolation groups

Create a connection isolation firewall rules group to establish a set of rules that apply only when connecting to a network with particular parameters.

Task

For option definitions, click ? on the page displaying the options.

1. On the Firewall Rules policy page, click New Group or Add Group from Catalog.
2. On the Description tab, type a descriptive name in the Name field.
3. On the Location tab, select Enabled for both Location status and Connection isolation, type a Name for the location, then select a DNS suffix, default gateway, or other criteria for matching.
4. On the Network tab, under Media types, select the type of connection (Wired, Wireless, Virtual) to which to apply the rules in this group.

NOTE: Transport Options and Applications are not available for connection isolation groups.

5. On the Summary tab, click Save.
6. Create new rules within this group, or move existing rules into it from the firewall rule list or the Host IPS catalog.

Blocking DNS traffic

To refine firewall protection, you can create a list of domain name servers that Host IPS blocks by preventing their IP addresses from being resolved.

NOTE: Do not use this feature to block fully qualified domains; instead, block the FQDN remote address in a firewall rule.

Task

For option definitions, click ? on the page displaying the options.

1. On the Firewall DNS Blocking policy page, click New Rule to create a new rule, or click Edit under Actions to edit an existing rule.
2. Click Add Blocked Domain.
3. In the text box, type the name of the domain name server you want to block. Use the wildcards * and ?; for example, *domain.com. Enter one name per entry.
4. Click the add button to add other addresses, or click the remove button to delete addresses.
5. Click Save to save any changes.
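As an added illustration that is not part of the McAfee guide, the following Python models how a list of Firewall DNS Blocking entries would match DNS query names, so that a blocklist can be checked offline before it is deployed. The wildcard semantics (* matches any run of characters, including dots; ? matches exactly one character), the case-insensitive comparison and the tolerance for a trailing dot are assumptions about the product, not documented behaviour; the blocklist and query names are constructed samples.

```python
import re
from typing import Dict, List

# Constructed sample blocklist, written the way the Firewall DNS Blocking
# policy expects it: one name per entry, with * and ? wildcards.
BLOCKED_DOMAINS = ["*domain.com", "ns?.example.net", "resolver.bad-example.org"]


def entry_to_regex(entry: str) -> "re.Pattern[str]":
    """Translate one blocked-domain entry into an anchored, case-insensitive regex.

    Assumed semantics (not stated in the guide): '*' matches any run of
    characters, including dots, and '?' matches exactly one character.
    """
    parts = []
    for ch in entry.strip().lower().rstrip("."):
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$")


def normalize_name(name: str) -> str:
    """Lower-case a query name and drop a trailing dot ('NS1.Example.NET.' -> 'ns1.example.net')."""
    return name.strip().lower().rstrip(".")


def validate_entries(entries: List[str]) -> List[str]:
    """Return entries that break the 'one name per entry' rule (embedded whitespace or commas)."""
    return [e for e in entries if re.search(r"[\s,]", e.strip())]


def blocked_queries(queries: List[str], entries: List[str] = BLOCKED_DOMAINS) -> Dict[str, str]:
    """Map each query name that would be blocked to the first entry that matches it."""
    patterns = [(e, entry_to_regex(e)) for e in entries]
    hits: Dict[str, str] = {}
    for q in queries:
        n = normalize_name(q)
        for entry, pat in patterns:
            if pat.match(n):
                hits[q] = entry
                break
    return hits


if __name__ == "__main__":
    sample = ["www.domain.com", "otherdomain.com", "ns1.example.net", "ns12.example.net",
              "RESOLVER.bad-example.org.", "safe.example.com"]
    for name, entry in blocked_queries(sample).items():
        print(f"{name:30s} blocked by {entry}")
```

Under these semantics the entry *domain.com also blocks otherdomain.com; an entry of the form *.domain.com is narrower, so review wildcard entries for unintended matches before saving the policy.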
Using the Host IPS catalog

The Host IPS catalog allows you to add new items or reference existing items for use with the firewall. This task helps you find and edit existing catalog items, create and add new catalog items, or import and export catalog items.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5    70