7 Replies Latest reply on Jun 7, 2012 4:57 PM by sliedl

    How to block an application by user with a McAfee Firewall

    agil

      Hi guys,

       

      First that all, sorry for my english i'm very bad hehehe

       

       

      I have a McAfee Firewall Cluster with 8.2.0 and i'd like to know how to block an application by user, for example, the user agil can't use Skype but the rest of the user yes can.

       

      I have already configured a LDAP iPlanet in my cluster.

       

      Thanks for your help

       

      Alek

        • 1. Re: How to block an application by user with a McAfee Firewall
          Peter M

          Moved from Community Interface Help provisionally to Firewall Enterprise (Sidewinder) for better attention.

          • 2. Re: How to block an application by user with a McAfee Firewall
            PhilM

            Have a look at the McAfee Logon Collector module. If you are running v8 you will be able to download this from the McAfee Download Site using your grant number. You will also be able to download the documentation for this product.

             

            Install it on to a Windows server that is a member of your domain and configure it to communicate with your McAfee Firewall Enterprise cluster.

             

            With this in place you the Logon Collector is able to report back to the Firewall who (username) is logged into each IP address (assuming they have logged into the domain). From here you can create access control rules for any application type, including Skype, only allowing access for those usernames you have selected from the list.

             

            I hope this helps you.

             

            -Phil.

            • 3. Re: How to block an application by user with a McAfee Firewall
              sliedl

              - You set up an Authenticator to talk to your LDAP iPlanet server (there is an iPlanet authenticator).

              - You set this Authenticator as the 'Authenticator used to establish Passport credentials'.

              - In your rule, in the 'Users and User groups' box, check Authenticated.

              - Make sure 'None/Passport' is selected for the Authenticator in this rule.

               

              Now users will have to enter a username/password once to get through this rule.  They will then have a Passport for 10 hours (by default) and they don't have to enter a username/password to get through this rule.  If they don't have a username/password they can't pass through this rule.


              If you want only certain users to use this rule and others to not you need to create each of these usernames on the firewall (as No Login users).  Then you can select their names individually for this rule (in the Users and User Groups box).

               

              There is no way to do this 'transparently to the user'  with iPlanet -- they need to enter a username/password.  With NTLM or MLC it can be transparent to the user.

              1 of 1 people found this helpful
              • 4. Re: How to block an application by user with a McAfee Firewall
                agil

                Hi Philm,

                 

                The LC works only with Microsoft Active Directory.

                • 5. Re: How to block an application by user with a McAfee Firewall
                  agil

                  Hi sliedl,

                   

                  But if i want that the Firewall authenticate these "certain" users through the iPlanet? As you told me, i can't right?

                   

                  Thanks

                   

                  Alek

                  • 6. Re: How to block an application by user with a McAfee Firewall
                    mcoy

                    Hi,

                     

                    only MLC allow you to authenticate users with all application, when you using iPlanet only option for authenticat users is "Atctive identity validation" (more information in admin guide).

                    Unfortunately active passport support only fiew authenticators: Admin Console, HTTP and HTTP-based applications, FTP, Login Console, SOCKS Proxy, Telnet, Telnet Server SSH Server.

                     

                    Best Regards,

                    mcoy

                    • 7. Re: How to block an application by user with a McAfee Firewall
                      sliedl

                      Rules are based on the Service (port).  You come in on port 80, we find a rule with port 80 in it and match all the other accoutrements in the rule (zones/endpoints/time period/etc.) and then we present the authentication.  If a user passes the authentication we let them through on this rule and apply the things in the Application Defense (virus scanning/SmartFilter/nothing/etc.).  If the user fails the authentication they fall through the rule to the next rule that will let them through or to the Deny All rule.

                       

                      You could make the first rule have no SmartFIltering and have authentication.  If a user who cannot authenticate hits that rule they will fail authentication and go to the next rule, where you have an app. defense with SmartFilter turned on.  All non-authenticated users get SF'ed and others do not.

                       

                      Edit:  This does not work with Passport as the authenticator (which you would want to use for web traffic, or you'll be prompted every time for authentication on every-single-thing that loads on a webpage).  This only works if you use any authenticator but Passport in the rule.  Using passport causes the ssod (single-sign-on daemon) to be fired off to handle the creation of the passport.  Once that happens it's not possible for the session to be handed back to 're-checked' by the acld process (the ACL daemon) and thus you cannot continue down the rules, you're sent to Deny All basically.  That is my guess as to what is happening.

                       

                      Message was edited by: sliedl on 6/7/12 4:57:42 PM CDT