agil
Level 7
Message 1 of 8

How to block an application by user with a McAfee Firewall

Hi guys,

First of all, sorry for my English, it's very bad hehehe

I have a McAfee Firewall cluster running 8.2.0 and I'd like to know how to block an application by user. For example, the user agil can't use Skype but the rest of the users can.

I have already configured an iPlanet LDAP in my cluster.

Thanks for your help

Alek

7 Replies

Re: How to block an application by user with a McAfee Firewall

Moved from Community Interface Help provisionally to Firewall Enterprise (Sidewinder) for better attention.

PhilM
Level 14
Message 3 of 8

Re: How to block an application by user with a McAfee Firewall

Have a look at the McAfee Logon Collector module. If you are running v8, you will be able to download this from the McAfee Download Site using your grant number. You will also be able to download the documentation for this product.

Install it on to a Windows server that is a member of your domain and configure it to communicate with your McAfee Firewall Enterprise cluster.

With this in place, the Logon Collector is able to report back to the firewall who (username) is logged in at each IP address (assuming they have logged into the domain). From here you can create access control rules for any application type, including Skype, allowing access only for those usernames you have selected from the list.

I hope this helps you.

-Phil.

agil
Level 7
Message 4 of 8

Re: How to block an application by user with a McAfee Firewall

Hi PhilM,

The LC works only with Microsoft Active Directory.

sliedl
Level 14
Message 5 of 8

Re: How to block an application by user with a McAfee Firewall

- You set up an Authenticator to talk to your LDAP iPlanet server (there is an iPlanet authenticator).

- You set this Authenticator as the 'Authenticator used to establish Passport credentials'.

- In your rule, in the 'Users and User groups' box, check Authenticated.

- Make sure 'None/Passport' is selected for the Authenticator in this rule.

Now users will have to enter a username/password once to get through this rule. They will then have a Passport for 10 hours (by default) and they won't have to enter a username/password to get through this rule. If they don't have a username/password they can't pass through this rule.


If you want only certain users to use this rule and others not to, you need to create each of these usernames on the firewall (as No Login users). Then you can select their names individually for this rule (in the Users and User Groups box).

There is no way to do this 'transparently to the user' with iPlanet -- they need to enter a username/password. With NTLM or MLC it can be transparent to the user.

agil
Level 7
Message 6 of 8

Re: How to block an application by user with a McAfee Firewall

Hi sliedl,

But what if I want the firewall to authenticate these "certain" users through the iPlanet? As you told me, I can't, right?

Thanks

Alek

mcoy
Level 7
Message 7 of 8

Re: How to block an application by user with a McAfee Firewall

Hi,

Only MLC allows you to authenticate users with all applications. When you are using iPlanet, the only option for authenticating users is "Active identity validation" (more information in the admin guide).

Unfortunately, active passport supports only a few authenticators: Admin Console, HTTP and HTTP-based applications, FTP, Login Console, SOCKS Proxy, Telnet, Telnet Server, SSH Server.

Best Regards,

mcoy

sliedl
Level 14
Message 8 of 8

Re: How to block an application by user with a McAfee Firewall

Rules are based on the Service (port). You come in on port 80, we find a rule with port 80 in it and match all the other accoutrements in the rule (zones/endpoints/time period/etc.) and then we present the authentication. If a user passes the authentication we let them through on this rule and apply the things in the Application Defense (virus scanning/SmartFilter/nothing/etc.). If the user fails the authentication they fall through the rule to the next rule that will let them through or to the Deny All rule.

You could make the first rule have no SmartFiltering and have authentication. If a user who cannot authenticate hits that rule they will fail authentication and go to the next rule, where you have an app. defense with SmartFilter turned on. All non-authenticated users get SF'ed and others do not.

Edit: This does not work with Passport as the authenticator (which you would want to use for web traffic, or you'll be prompted every time for authentication on every single thing that loads on a webpage). This only works if you use any authenticator but Passport in the rule. Using Passport causes the ssod (single-sign-on daemon) to be fired off to handle the creation of the passport. Once that happens it's not possible for the session to be handed back to be 're-checked' by the acld process (the ACL daemon) and thus you cannot continue down the rules; you're sent to Deny All basically. That is my guess as to what is happening.

Message was edited by: sliedl on 6/7/12 4:57:42 PM CDT
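The rule evaluation that sliedl describes in messages 5 and 8 (match on service and zone, then authenticate; a failed or non-matching authentication falls through to the next rule; explicit usernames restrict a rule to certain users; a Passport is good for 10 hours by default; and a Passport rule that fails ends at Deny All instead of continuing) modelled as an added Python example. This is a constructed illustration written for this page, not McAfee's code or the firewall's real policy engine. The rule names, the sample credentials standing in for the iPlanet directory, the client IP addresses, and treating an expired Passport with no new credentials as a failed authentication are all assumptions made for the example.

```python
"""Toy model of rule fall-through with authentication on a McAfee Firewall
Enterprise style policy. Constructed illustration only, not vendor code."""
from dataclasses import dataclass
from typing import Optional

PASSPORT_LIFETIME_S = 10 * 60 * 60   # Passport default lifetime quoted in the thread: 10 hours

# Stand-in for the iPlanet LDAP directory (constructed sample credentials).
DIRECTORY = {"agil": "agil-pw", "bob": "bob-pw"}


@dataclass
class Rule:
    name: str
    service: str                        # rules are matched on the service (port)
    zone: str                           # source zone
    authenticate: bool = False          # "Users and User groups: Authenticated"
    users: Optional[frozenset] = None   # explicit usernames (No Login users); None = any authenticated user
    passport: bool = False              # Passport authenticator (ssod) instead of a prompt per connection
    smartfilter: bool = False           # Application Defense with SmartFilter turned on


DENY_ALL = ("deny", "Deny All", False)   # (action, rule name, smartfilter applied)


class Policy:
    def __init__(self, rules):
        self.rules = list(rules)
        self.passports = {}   # src_ip -> (username, expiry); a Passport is tied to the client IP

    def _identify(self, rule, src_ip, creds, now):
        """Return the username authenticated for this rule, or None on failure."""
        if rule.passport:
            entry = self.passports.get(src_ip)
            if entry and entry[1] > now:
                return entry[0]             # valid Passport: the user is not prompted again
        if creds is None:
            return None                     # prompted, but no username/password supplied
        user, password = creds
        if DIRECTORY.get(user) != password:
            return None                     # directory rejected the credentials
        if rule.passport:
            self.passports[src_ip] = (user, now + PASSPORT_LIFETIME_S)   # ssod issues the Passport
        return user

    def evaluate(self, service, zone, src_ip, creds=None, now=0):
        """Walk the rules top to bottom and return (action, rule name, smartfilter applied)."""
        for rule in self.rules:
            if rule.service != service or rule.zone != zone:
                continue                    # service/zone do not match, try the next rule
            if rule.authenticate:
                user = self._identify(rule, src_ip, creds, now)
                permitted = user is not None and (rule.users is None or user in rule.users)
                if not permitted:
                    if rule.passport:
                        # sliedl's observation: once ssod has been invoked the session is not
                        # handed back to acld, so later rules are never tried.
                        return DENY_ALL
                    continue                # fall through to the next rule
            return ("allow", rule.name, rule.smartfilter)
        return DENY_ALL


def smartfilter_policy():
    """Message 8: authenticated users bypass SmartFilter, everyone else gets filtered."""
    return Policy([
        Rule("web-auth-unfiltered", "http", "internal", authenticate=True),
        Rule("web-anyone-filtered", "http", "internal", smartfilter=True),
    ])


def per_user_policy(passport):
    """Message 5: only the listed (No Login) user may use the first rule."""
    return Policy([
        Rule("web-bob-only", "http", "internal", authenticate=True,
             users=frozenset({"bob"}), passport=passport),
        Rule("web-anyone-filtered", "http", "internal", smartfilter=True),
    ])


if __name__ == "__main__":
    p = smartfilter_policy()
    print("bob, good password  :", p.evaluate("http", "internal", "10.0.0.5", creds=("bob", "bob-pw")))
    print("no credentials      :", p.evaluate("http", "internal", "10.0.0.5"))
    q = per_user_policy(passport=False)
    print("agil, not in list   :", q.evaluate("http", "internal", "10.0.0.7", creds=("agil", "agil-pw")))
    r = per_user_policy(passport=True)
    print("bob, passport issued:", r.evaluate("http", "internal", "10.0.0.8", creds=("bob", "bob-pw")))
    print("bob, passport reused:", r.evaluate("http", "internal", "10.0.0.8", now=3600))
    print("agil on passport rule:", r.evaluate("http", "internal", "10.0.0.9", creds=("agil", "agil-pw")))
```

Running it shows the two behaviours side by side: with a prompting authenticator, agil fails the user-restricted rule and lands on the SmartFiltered rule below it, whereas with Passport on that same rule agil goes straight to Deny All and never reaches it.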