youngs
Level 10

McAfee Host Intrusion Prevention Firewall - Connection-Aware Groups

Hi, we are looking at using the CAGs within our environment and I have been testing them for a while now.  I have a great understanding of how they work and how to configure them for our environment.  I really like them, as they appear to help with management of the firewall rules.  I am wondering if others are using them and how you have them set up within your organization?

My thought is to set rules that are required regardless of connection or location.  Then have a CAG based on the network adapter and a set of matches which, once matched, would allow anything to our trusted WAN.

Thoughts?

Thanks

Scott

0 Kudos
4 Replies
uzanatta
Level 10

Re: McAfee Host Intrusion Prevention Firewall - Connection-Aware Groups

Hi,

You should make a set of standard rules (e.g. loopback, DNS, VPN connection, HTTP, HTTPS) up to the CAG, so that you can enable only a bunch of these (e.g. HTTP, HTTPS) for a few minutes (timed group setting) in order to let the user connect to the VPN or to trusted networks.

Rgds,

0 Kudos
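The layout Scott and uzanatta describe (a set of always-on base rules such as loopback, DNS, VPN and HTTP/HTTPS, plus a connection-aware group that only unlocks the trusted WAN once every match criterion of the current connection is satisfied) as a small Python model. This is an added example, not part of the thread and not McAfee HIPS code; the criterion names (`adapter_type`, `dns_suffix`, `dhcp_server`), the networks, ports and the three connection descriptions are constructed assumptions used only to exercise the evaluation logic.

```python
"""Toy model of a location-aware host firewall policy: always-on base rules
plus one connection-aware group (CAG) whose rules are in effect only while
every match criterion of the current connection is satisfied.
Illustration only, not McAfee code; criterion names, networks and ports are
assumed values."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "block"
    proto: str                          # "tcp", "udp" or "any"
    dst_ports: frozenset = frozenset()  # empty -> any destination port
    dst_nets: tuple = ()                # tuple of ip_network; empty -> any destination

    def matches(self, proto, dst_ip, dst_port):
        if self.proto != "any" and self.proto != proto:
            return False
        if self.dst_ports and dst_port not in self.dst_ports:
            return False
        if self.dst_nets and not any(ip_address(dst_ip) in net for net in self.dst_nets):
            return False
        return True


@dataclass(frozen=True)
class ConnectionAwareGroup:
    name: str
    criteria: dict   # connection attribute -> required value; ALL must match
    rules: tuple

    def active(self, connection):
        # A criterion the connection does not report counts as a mismatch, so a
        # network that matches only some criteria never unlocks the group.
        return all(connection.get(key) == value for key, value in self.criteria.items())


def effective_rules(base_rules, groups, connection):
    """Base rules apply regardless of location; each active CAG adds its rules after them."""
    rules = list(base_rules)
    for group in groups:
        if group.active(connection):
            rules.extend(group.rules)
    return rules


def decide(rules, proto, dst_ip, dst_port, default="block"):
    """First matching rule wins; anything unmatched falls to the default action."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action, rule.name
    return default, "default"


# Constructed sample policy (assumed ports and networks).
BASE_RULES = (
    Rule("loopback", "allow", "any", dst_nets=(ip_network("127.0.0.0/8"),)),
    Rule("dns", "allow", "udp", frozenset({53})),
    Rule("web", "allow", "tcp", frozenset({80, 443})),
    Rule("vpn-ike", "allow", "udp", frozenset({500, 4500})),
)

TRUSTED_WAN = ConnectionAwareGroup(
    "trusted-wan",
    criteria={"adapter_type": "wired", "dns_suffix": "corp.example", "dhcp_server": "10.0.0.1"},
    rules=(Rule("trusted-wan-any", "allow", "any", dst_nets=(ip_network("10.0.0.0/8"),)),),
)

# Constructed connection descriptions: what the endpoint observes on each network.
OFFICE = {"adapter_type": "wired", "dns_suffix": "corp.example", "dhcp_server": "10.0.0.1"}
HOTSPOT = {"adapter_type": "wireless", "dns_suffix": "hotspot.example", "dhcp_server": "192.168.1.1"}
# Hands out the corporate DNS suffix but fails the other two criteria.
LOOKALIKE = {"adapter_type": "wireless", "dns_suffix": "corp.example", "dhcp_server": "192.168.1.1"}


def evaluate(connection, proto, dst_ip, dst_port):
    """Decision for one flow on a given connection under the sample policy."""
    return decide(effective_rules(BASE_RULES, [TRUSTED_WAN], connection), proto, dst_ip, dst_port)


if __name__ == "__main__":
    for label, conn in (("office", OFFICE), ("hotspot", HOTSPOT), ("lookalike", LOOKALIKE)):
        print(label, "smb -> 10.20.30.40:445", evaluate(conn, "tcp", "10.20.30.40", 445))
        print(label, "https -> 203.0.113.10:443", evaluate(conn, "tcp", "203.0.113.10", 443))
```

The model makes two things explicit that the posts leave implicit: the base rules are evaluated on every connection, so web, DNS and VPN traffic works off-network, while SMB to an internal address is blocked there; and the group criteria are ANDed, so a network that only reproduces the corporate DNS suffix does not activate the trusted-WAN rule, which is why matching on several criteria rather than one matters.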
greatscott
Level 12

Re: McAfee Host Intrusion Prevention Firewall - Connection-Aware Groups

The timed group is worthless. From what I recall, the user can just sit there and reset the time after each session elapses.

0 Kudos
youngs
Level 10

Re: McAfee Host Intrusion Prevention Firewall - Connection-Aware Groups

I agree about the timed groups, as with our business we can't impact our users' ability to surf the web when off our network.  That is why we are only allowing web surfing and whatever other ports are required to connect to our VPN.  Once connected, we are allowing traffic to flow freely on our internal network.   The CAGs work great for this type of direction; I was just looking to see how others were using them.

Thanks

Scott

0 Kudos
uzanatta
Level 10

Re: McAfee Host Intrusion Prevention Firewall - Connection-Aware Groups

A customer of mine uses CAG in order to prevent any kind of connection by tethering, so employees must use the proxy with URL filtering.

Rgds,