We want to create three groups, and under each group we want to have 20 sub groups. How can we create them so that they work properly and as recommended by McAfee? I have gone through the documents for the standard rule set, but I'm not able to create three groups so that it works accordingly.
Can anyone show me a screenshot of their rules created this way, with groups and subgroups?
I think some more details are required. Can you elaborate what exactly you mean when stating "three groups and under each group ... 20 sub groups"?
Generally it is not a problem to make three rule sets with 20 rule sets as children; the most important part is probably setting the criteria. Can you maybe give a quick example of what exactly you are trying to achieve?
Thanks Andre for the response,
Suppose under the first group there is a subgroup called HR, for which the rule is "Client.IP is in list and URL matches in list" with the action Stop Rule Set. Likewise, there are other subgroups under this group. At the end of the first group, the last subgroup is a block rule, which is working fine. But when I create the second group like the first group, all URLs under the second group are getting blocked, as there is a block rule at the end of the first group.
How can I create rules so that all URLs under the second and third groups won't get blocked?
If you want a screenshot, I can provide it to you for clear understanding.
Screenshot attached. We can do that by combining all sub groups in the different groups into one group, but we want to manage it through three groups. How can we do it?
I think the problem is that the Rule Sets (e.g. "First Group", "Second Group", "Third Group") do not have any criteria. This means that every request from - for example - the third group also enters the rule set for the first group - and gets blocked by the "Block All" rule. On the other hand if a request from first group hits a "Stop Rule Set" action in the first group rule set MWG will jump into the rule set for the second group - and the block action will most likely apply and block access.
Basically you can design rules as shown in the screenshot, but you have to make sure that only the right requests go into each rule set by adjusting the criteria. Client IP might be suitable here... for the first group shown in the screenshot you could make the criteria for the rule set "DC-DR_Servers" like this:
Client.IP is in list SMS_Gateway_IPs_Allowed
Client.IP is in list Microsoft_Update_IPs_Allowed
Client.IP is in list Symantec_IPs_Allowed
You do the same for the other rule sets (second group, third group).
If a request now comes from any host in "Symantec_IPs_Allowed", this request will only go into the first group. If a "Stop Rule Set" action matches, the request will leave the first group rule set and - because of the criteria we set - not go into the second or third group rule sets.
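Added example, not part of the original thread and not McAfee code: a small Python model of the flow described in the answer above, showing why a group without criteria blocks the other groups' traffic and how client IP criteria change that. It assumes each sub group is one rule (client IP list AND URL list, action Stop Rule Set) and that every group ends in "Block All"; all IPs, hosts and the second group's contents are constructed sample values.

```python
# Simplified model of the rule-set flow described in the answer above.
# Not MWG's engine; all IPs, hosts and the second group's contents are constructed.
from dataclasses import dataclass

@dataclass
class Rule:
    """Client.IP is in list AND URL host is in list -> Stop Rule Set."""
    name: str
    client_ips: frozenset
    url_hosts: frozenset

@dataclass
class Group:
    """Top-level rule set whose last rule is 'Block All'."""
    name: str
    rules: list
    use_criteria: bool

    def applies(self, ip):
        # Criteria reuse the same client IP lists the rules reference.
        return not self.use_criteria or any(ip in r.client_ips for r in self.rules)

def evaluate(groups, ip, host):
    """Walk the groups top to bottom; return (verdict, trace)."""
    trace = []
    for g in groups:
        if not g.applies(ip):
            trace.append(f"{g.name}: criteria not met, skipped")
            continue
        hit = next((r for r in g.rules
                    if ip in r.client_ips and host in r.url_hosts), None)
        if hit is None:
            trace.append(f"{g.name}: Block All")
            return "BLOCK", trace
        trace.append(f"{g.name}/{hit.name}: Stop Rule Set")
    return "PASS", trace  # not blocked here; later rule sets would still run

def build(use_criteria):
    first = Group("DC-DR_Servers", [Rule("Symantec_IPs_Allowed",
                  frozenset({"10.0.1.5"}), frozenset({"liveupdate.example"}))], use_criteria)
    second = Group("Second Group", [Rule("HR",
                   frozenset({"10.0.2.7"}), frozenset({"hr-portal.example"}))], use_criteria)
    return [first, second]

if __name__ == "__main__":
    for flag in (False, True):
        for ip, host in (("10.0.1.5", "liveupdate.example"), ("10.0.2.7", "hr-portal.example")):
            print(flag, ip, host, *evaluate(build(flag), ip, host))
```

Without criteria both sample requests end in a "Block All" of a group they do not belong to; with criteria each request is only evaluated by its own group.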
Actually, we tried that, but the thing is that every time we have to add IPs in the group as well as in the subgroup.
Is there any other way to go, or do we have to go with this?