DefenderZ
Level 7

Firewall rule - allow traffic to specific domain

I am trying to set up a firewall policy rule with the following definition:

Only allow traffic to website with domain: mcafee.com (for example)

I can see two ways of doing this:

1) Create new rule, set action to 'allow', choose rule type 'Domain', enter 'mcafee.com' in the domain list field

2) Create new rule, set action to 'allow', choose rule type 'Standard', from remote address dropdown choose 'fully qualified domain name' and enter 'mcafee.com', communication on 'All IP Protocols'

But neither of these seems to allow me to access the McAfee website when HIPS is enabled on a client PC. Instead all web traffic is blocked (as I would expect if I hadn't configured any other rules).

Can someone tell me if I'm missing something blatantly obvious, or if the above premise should work?

Thank you

0 Kudos
3 Replies
dyilmaz
Level 9

Re: Firewall rule - allow traffic to specific domain

Would the client be able to resolve the FQDN with your current ruleset? Also please be aware that rules are worked down from top to bottom meaning that DNS should be on top of your Rule I would think.

0 Kudos
DefenderZ
Level 7

Re: Firewall rule - allow traffic to specific domain

Thanks for your response dyilmaz

We do have a rule for DNS above the rule I am testing:

  • Allow outgoing traffic
  • Remote service: dns (53)

Incidentally we also have a rule (which I temporarily disabled during testing) which allowed all traffic, in and out, to any remote address - and this allowed access to any website. As soon as I disabled this, leaving my specific mcafee.com rule in place - I was unable to connect to any website, including McAfee's.

0 Kudos
McAfee Employee

Re: Firewall rule - allow traffic to specific domain

Host IPS was not designed as a Web URL filtering product.  Some comments:

1. HIPS Firewall Domain rules allow/block DNS lookups only. They do not allow outbound traffic for the domain that is looked up (see #2).

2. You still need to create firewall rules to allow outbound traffic (e.g., to browse to the Internet you need to create firewall rules that allow outbound TCP port 80 traffic).

3. FQDN firewall rules are to specific hostnames.domainnames. You cannot use wildcards. You would need to create FQDN rules for every specific Internet hostname that the user needs to communicate with (e.g., www.mcafee.com, images.mcafee.com, community.mcafee.com, etc.).

on 12/13/10 12:33:17 PM CST
0 Kudos
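An added example, not McAfee's code or anything from the posters above: a small Python model of the rule semantics the replies describe (top-down first match, default block, Domain rules covering DNS lookups only, FQDN rules matching one exact hostname). The rule/packet shapes and the assumption that an FQDN rule also carries a protocol/port are simplifications made for this illustration, not the product's real data model.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified model of the Host IPS firewall behaviour described in
# the replies: rules are checked top-down, first match wins, no match = block.
#   domain   - governs DNS lookups only, never the traffic that follows
#   fqdn     - matches traffic to one exact hostname (no wildcards)
#   standard - matches on protocol and remote port only

@dataclass
class Rule:
    action: str                      # "allow" or "block"
    kind: str                        # "domain", "fqdn" or "standard"
    name: str = ""                   # domain / hostname for domain and fqdn rules
    proto: str = "any"               # "tcp", "udp" or "any"
    port: Optional[int] = None       # remote port, None = any port

@dataclass
class Packet:
    proto: str
    port: int
    host: str                        # hostname the destination address resolved to
    dns_query: Optional[str] = None  # name being looked up, if this is a DNS query

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.kind == "domain":
        # Domain rules only ever see DNS queries for names under the domain
        return pkt.dns_query is not None and (
            pkt.dns_query == rule.name or pkt.dns_query.endswith("." + rule.name))
    if rule.kind == "fqdn" and pkt.host != rule.name:
        return False                 # exact hostname only: mcafee.com != www.mcafee.com
    return rule.proto in ("any", pkt.proto) and rule.port in (None, pkt.port)

def evaluate(rules: list, pkt: Packet) -> str:
    """Top-down, first matching rule decides; anything unmatched is blocked."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

DNS_ALLOW = Rule("allow", "standard", proto="udp", port=53)
# Poster's attempt 1: a Domain rule. Attempt 2: an FQDN rule for the bare domain.
ATTEMPT_1 = [DNS_ALLOW, Rule("allow", "domain", name="mcafee.com")]
ATTEMPT_2 = [DNS_ALLOW, Rule("allow", "fqdn", name="mcafee.com")]
# What the employee reply describes: one FQDN rule per hostname, on TCP 80
FIXED = [DNS_ALLOW, Rule("allow", "fqdn", name="www.mcafee.com", proto="tcp", port=80),
         Rule("allow", "fqdn", name="images.mcafee.com", proto="tcp", port=80)]
# Constructed sample traffic: a DNS lookup, then HTTP to two hostnames
LOOKUP = Packet("udp", 53, "resolver", dns_query="www.mcafee.com")
WEB = Packet("tcp", 80, "www.mcafee.com")
OTHER = Packet("tcp", 80, "community.mcafee.com")
```

Running the three rulesets against the sample traffic reproduces the thread: both attempts pass the DNS lookup but block the web request, while the per-hostname ruleset allows www.mcafee.com on TCP 80 and still blocks community.mcafee.com (no rule) and HTTPS (no port 443 rule).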