McAfee HISCDE-AB-IA Product Guide - Page 70
Configuring Firewall Policies
Define firewall protection

4 Create new rules within this group, or move existing rules into it from the firewall rule list or the Host IPS catalog.

Creating connection isolation groups

Create a connection isolation firewall rules group to establish a set of rules that apply only when connecting to a network with particular parameters.

Task
For option definitions, click ? on the page displaying the options.

1 On the Firewall Rules policy page, click New Group or Add Group from Catalog.
2 On the Description tab, type a descriptive name in the Name field.
3 On the Location tab, select Enabled for both Location status and Connection isolation, type a Name for the location, then select a DNS suffix, default gateway, or other criteria for matching.
4 On the Network tab, under Media types, select the type of connection (Wired, Wireless, Virtual) to which to apply the rules in this group.
  NOTE: Transport Options and Applications are not available for connection isolation groups.
5 On the Summary tab, click Save.
6 Create new rules within this group, or move existing rules into it from the firewall rule list or the Host IPS catalog.

Blocking DNS traffic

To refine firewall protection you can create a list of domain name servers that Host IPS blocks by not allowing the resolving of their IP address.

NOTE: Do not use this feature to block fully qualified domains; instead, block the FQDN remote address in a firewall rule.

Task
For option definitions, click ? on the page displaying the options.

1 On the Firewall DNS Blocking policy page, click New Rule to create a new rule; click Edit under Actions to edit an existing rule.
2 Click Add Blocked Domain.
3 In the text box type the name of the domain name server you want to block. Use the wildcards * and ?; for example, *domain.com. One name per entry.
4 Click the add button to add other addresses, click the remove button to delete addresses.
5 Click Save to save any changes.
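The following is an added example, not part of the product guide, for reviewing candidate blocked-domain entries before typing them in step 3. It assumes * matches any run of characters, ? matches exactly one character, and matching is case-insensitive over the whole name; the guide does not describe Host IPS's exact matching behaviour, and the function names and sample names are constructed for illustration.

```python
import re

def compile_entry(entry):
    """Translate one blocked-domain entry into a regex; only * and ? are special."""
    entry = entry.strip().rstrip(".")
    if not entry or re.search(r"[\s,;]", entry):
        # The guide allows one name per entry, so reject lists pasted into one box.
        raise ValueError(f"not a single name: {entry!r}")
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in entry]
    return re.compile("".join(parts), re.IGNORECASE)

def review(entries, must_block, must_allow):
    """Return (missed, overblocked) for a candidate list of entries.

    missed: names that should be blocked but match no entry.
    overblocked: names that must keep resolving but match an entry.
    """
    patterns = [compile_entry(e) for e in entries]

    def blocked(name):
        # Compare without the trailing root dot; assumed whole-name match.
        return any(p.fullmatch(name.rstrip(".")) for p in patterns)

    missed = [n for n in must_block if not blocked(n)]
    overblocked = [n for n in must_allow if blocked(n)]
    return missed, overblocked

# Constructed sample names for the review; domain.com is the guide's own example.
MUST_BLOCK = ["domain.com", "WWW.domain.com", "ns1.domain.com."]
MUST_ALLOW = ["otherdomain.com", "domain.com.example.net"]

if __name__ == "__main__":
    candidates = (["*domain.com"], ["*.domain.com"], ["domain.com", "*.domain.com"])
    for entries in candidates:
        missed, overblocked = review(entries, MUST_BLOCK, MUST_ALLOW)
        print(entries, "missed:", missed, "overblocked:", overblocked)
```

Under these assumptions the guide's *domain.com form also covers unrelated names that merely end in the same characters, while *.domain.com alone leaves the bare domain unblocked.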
Using the Host IPS catalog

The Host IPS catalog allows you to add new items or reference existing items for use with the firewall. This task helps you find and edit existing catalog items, create and add new catalog items, or import and export catalog items.

McAfee Host Intrusion Prevention 8.0 Product Guide for ePolicy Orchestrator 4.5