cancel
Showing results for 
Search instead for 
Did you mean: 
nate_ray
Level 7

HIPS FW rules not applying to traffic

Jump to solution

I have created a firewall policy with the goal of whitelisting network traffic and the applications associated with the traffic. I am using a "Permit all TCP" and "Permit all UDP" before the explicit "Block all traffic" rule so that I can monitor and review firewall rules and not restrict myself from other services.

Is there any reason why traffic from BlueCoat Client to 80/TCP would not be handled by the rule shown in the screenshhot. My firewall logs show the BlueCoat Client traffic being handled by the "Allow All TCP" which is far lower down on the rule stack as opposed to the FW rule to permit BlueCoat Client traffic out-bound?

FW_Rules.pngFW_logs.png

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: HIPS FW rules not applying to traffic

Jump to solution

I suspect you have the wrong File Description for the Blue Coat executable.

KB71735 - Host Intrusion Prevention 8.0 - Executable File Description field

0 Kudos
2 Replies
McAfee Employee

Re: HIPS FW rules not applying to traffic

Jump to solution

I suspect you have the wrong File Description for the Blue Coat executable.

KB71735 - Host Intrusion Prevention 8.0 - Executable File Description field

0 Kudos
nate_ray
Level 7

Re: HIPS FW rules not applying to traffic

Jump to solution

Thanks for a quick and correct response. I wish McAfee would make the importance of that field a little more obvious.

0 Kudos