The reason they would like to remove all bindings on this USB NIC is to perform network testing unfettered through the VMware VM. They used to be able to uncheck the binding for the McAfee NDIS Intermediate Filter Port and accomplish this until HIPS 8.0.
By unchecking all the connection uses on the USB NIC, they claim to sequester that network interface to ONLY the VMware VM, and there are some articles published on the internet that support this idea (http://www.tech-juice.org/2011/06/26/using-a-network-card-only-for-a-vmware-virtual-machine/). They do not set up any sort of bridging back to the main OS from the VMware VM.
So, your reply begs the question in my mind: if there is a way to "unbind" the NDIS binding on the USB NIC and leave it on the internal NIC...
Is there a way to design a firewall rule in HIPS to allow all traffic on the secondary NIC being used by the VM, and apply all other rules on the main host built-in NIC?
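The binding question above is easier to reason about when you can see, per adapter, which NDIS components are actually bound and enabled. The following PowerShell audit is an added example, not code from the thread or from McAfee; it assumes a Windows 8 / Server 2012 or later host (the NetAdapter module), which the HIPS 8.0-era machines in the thread may predate, and the filter display-name pattern is taken from the first post and is an assumption about how the component is named.

```powershell
# Added example (not from the thread): report, for every physical adapter, whether the
# host-intrusion-prevention NDIS filter is bound, so the "USB NIC vs. internal NIC"
# binding state can be verified before and after any change.
# Assumes the NetAdapter module (Windows 8 / Server 2012 or later).
# $FilterPattern is an assumption based on the display name quoted in the thread.
param(
    [string]$FilterPattern = '*McAfee NDIS Intermediate Filter*'
)

function Get-AdapterBindingReport {
    param([string]$Pattern)

    # -Physical excludes VMware's own virtual adapters; a USB NIC is still physical.
    Get-NetAdapter -Physical | ForEach-Object {
        $adapter  = $_
        $bindings = Get-NetAdapterBinding -Name $adapter.Name
        $filter   = $bindings | Where-Object { $_.DisplayName -like $Pattern }

        [pscustomobject]@{
            Adapter       = $adapter.Name
            Description   = $adapter.InterfaceDescription
            MediaType     = $adapter.PhysicalMediaType      # Wired (802.3), Native 802.11, ...
            FilterBound   = if ($filter) { [bool]$filter.Enabled } else { $false }
            EnabledCount  = @($bindings | Where-Object { $_.Enabled }).Count
            DisabledCount = @($bindings | Where-Object { -not $_.Enabled }).Count
        }
    }
}

$report = Get-AdapterBindingReport -Pattern $FilterPattern
$report | Format-Table -AutoSize

# On a host that is supposed to be protected on every interface, an adapter without
# the filter bound is the condition to alert on.
$unprotected = @($report | Where-Object { -not $_.FilterBound })
if ($unprotected.Count -gt 0) {
    Write-Warning ("Adapters without the filter bound: " + ($unprotected.Adapter -join ', '))
}
```

Run it from an elevated PowerShell prompt; the MediaType column is the same wired/wireless distinction the HIPS 8.0 media-type rule criteria use, so the report also shows which adapters a wired-only or wireless-only rule would match.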
HIPS 8.0 does have the ability to apply a firewall rule based on Media Types (Wired/Wireless/Virtual NIC). I believe VMware NICs will fall under the Virtual NIC category, but it would need to be tested.
Correct. And I have tried various ways to add rules to allow the traffic on the virtual NIC, and still protect wired and wireless.
Could you answer one question for me before I do that though? In order for the network awareness selection to allow or disallow traffic on a virtual NIC in the HIPS Firewall, the HIPS product would need to be installed on the Virtual Machine, correct? In our case the VM is accessed using VMware Workstation and the HIPS software is on the host OS, but not on the virtual machine OS. Therefore, I believe that the Host OS and HIPS are unaware that the traffic being blocked is generated by the VM. As far as HIPS is concerned it is just traffic on the host OS.
Thanks for the help. I'll check for a reply.
In order for the network awareness selection to allow or disallow traffic on a virtual NIC in the HIPS Firewall, the HIPS product would need to be installed on the Virtual Machine, correct?
HIPS only needs to be installed on the VM Host (it can be installed on virtual Guests, but it's not required). HIPS will filter the VM traffic using firewall rules if you are using VMware NAT or Host networks. If using the VMware Bridge network, use the Firewall Option ALLOW BRIDGED TRAFFIC in HIPS 8.0 (VM Bridged networks are not supported in HIPS 7.0).
Why don't you just create a CAG in your firewall ruleset? Structure it like this:
Corporate Internal Firewall CAG (criteria is configured to use your IP ranges, DNS servers, WINS server, DHCP server, etc)
Internal corporate firewall ruleset listed here
External Companies Firewall CAG (criteria is configured to use the IP ranges of the USB NIC)
Allow all rule
This way, any traffic matching your company IP ranges is subject to the firewall rules. The traffic matching the USB NIC is given an allow all rule.