2 Replies Latest reply on Aug 27, 2011 12:32 AM by gizmagis

    HIPS 8.0 - ePO configuration question

    gizmagis

      Hi guys,

       

      I am new to HIPS and have a question regarding congirution - allowing and blocking traffic.  i know that typical firewall works that everything is blocked (most bottom rule), everything up is allowed (based on rules). How does this work in HIPS firewall when managing in ePO ?

       

      I know I can add rules and groups of rules with allow or block action. My question is: are rules and group of rules, which are not added (enabled) blocked or allowed ?

       

      Thnx,

      Gregor

        • 1. Re: HIPS 8.0 - ePO configuration question
          Kary Tankink

          The ePO policy has rules to Allow/Block network traffic.  The client has a BLOCK ALL rule at the bottom of the policy.  Any network traffic not allowed via ePO policy, will be automatically Blocked by the client.  This is the reason why you don't need a BLOCK ALL rule at the bottom of the ePO policy, but some people prefer to see it in the policy anyways. 

           

          You can view this bi-directional block all rule at the bottom of the Host IPS 8.0 Client UI Firewall policy: Block All Traffic.

          • 2. Re: HIPS 8.0 - ePO configuration question
            gizmagis

            Hi Kary,

             

            yes I found out under Client UI that at the bottom is Block All rule that catch everything else. I was a little confused about logic Enable / Disable rule and the fact that you could also create a block rule due to the fact that bottom rule block everything else

             

            Thanks for help Kary !

             

            Gregor