
Smart way to create and manage Firewall policies / rules in multiple remote sites?

Hello everybody,

I plan to use HIPS + FW for my remote DCs. But I can't figure out how to solve this problem:

Theoretically, at a remote site there are 20 PCs + DC. I want to control and manage Windows RPC actions (Port 137-139) between these machines. I plan to create a rule like: only allow RPC traffic from the local site (x.x.x.x network).

IMO the simplest way to do that is to create a policy for each remote site and assign it to its site. But that means a lot of policies, and I want to create and manage a minimum number of firewall policies and rules.

Is there a better and smarter way to do that with a minimum number of policies?

Thank you anyway.

1 Reply

Re: Smart way to create and manage Firewall policies / rules in multiple remote sites?

I can think of a couple options off the top of my head:

  • You can add all of your DCs into a single Trusted Networks policy, and then create one Firewall Rules policy that includes a rule that allows all IP from Trusted...
      • But this is dependent on if you want machines in location X to allow connections from the DCs in all the other locations.

  • Create one Firewall Rules policy, and make a Connection-Aware Group for each location, then create a rule in each CAG that allows incoming connections from the proper DC.
      • Not sure how many locations you have though... this may be somewhat difficult to manage.

Option A would be the easiest to manage I think, but option B would make it a bit more locked-down.
