Director
Level 9

Advice for Configuring HIPS 8 Firewall policies needed

Hello - I've been tasked with replacing our existing Trend IDF product with the McAfee HIPS one.

Obviously, I've been asked to provide a like for like solution, or as close to it as possible.

The requirement is that when connected to our LAN, the F/W doesn't block any traffic (All Ingoing / All Outgoing Allowed), but connections to other networks are prevented, so the user can't be connected to our LAN and, say, a wireless hotspot at the same time.

When not connected to our LAN, All Incoming traffic would be blocked, All Outgoing traffic would be allowed, and the single network at a time continues.

With the Trend product, I accomplished this by creating an "On Domain" context and an "Off Domain" context, and then assigning rules via the context.

(On Domain was defined as "Locally connected to Domain", Off Domain is defined as "Not connected to Domain").

In McAfee HIPS, I'm having difficulty working out how to achieve this. I've created a location "On Domain", defined as "Require that ePO be reachable", and can assign rules to that, but how can I create an "Off Domain" location, and am I even going about this in the right way?

Thanks!

0 Kudos
3 Replies
McAfee Employee

Re: Advice for Configuring HIPS 8 Firewall policies needed

Location aware groups will help you with this.

  • Location aware groups will allow you to apply firewall rules only to a specific matching adapter (when on the LAN allow all traffic).
  • Within a Location aware group, Connection Isolation will help you block all traffic on non-matching adapters (when on the LAN, block traffic on all other network adapters).

See page 55 of: PD22894 - Host Intrusion Prevention 8.0 for ePO 4.5 Product Guide.

You don't need to have an "Off domain" policy.  With a Location aware group, you apply a ruleset when the system is on an "approved" network.  If it doesn't match that Location aware group, then the rest of the firewall rule policy will apply (e.g., allow no/limited traffic).

0 Kudos
Director
Level 9

Re: Advice for Configuring HIPS 8 Firewall policies needed

Thanks, I will make an "On Domain" location requiring the ePO server to be available, and using the Domain's DNS suffix, and move the "Off Domain" rules out of that group and delete the second location.

0 Kudos
DerFalk
Level 7

Re: Advice for Configuring HIPS 8 Firewall policies needed

But after some time (e.g. 10 minutes) connecting to a router at home, my Test-Notebook gets an IP from my router and all works fine to surf the Internet through my home ISP. Any suggestions for that behavior?

0 Kudos