Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
422 Views 1 Reply Latest reply: Mar 26, 2013 9:05 AM by Attila Polinger RSS
PhilM Champion 528 posts since
Jan 7, 2010
Currently Being Moderated

Mar 13, 2013 9:35 AM

Creating a Network Group with an exception value

I'm currently playing with a MEG7 installation in a test environment and am trying to come up with some working practices which (I hope) will serve me well in the future.

 

Having had some basic exposure to the EWS product I can see the similarities between the Email component of EWS and MEG7.

 

Maybe the scenario I am working on is a little too open and may not translate very well to a production environment, but I was looking at creating a network group which could then be references when creating e-mail policies and protocol presets.

 

In my test environment I would like to be able to send outbound e-mail from any host on the trusted network, but identify one IP address as an exception so I created a network group with the following elements:-

 

Source IP address is in 192.168.1.0/24

Source IP address is not 192.168.1.100

 

In the e-mail policy screen I then created a new policy (positioning it above Default), set the policy type to "Outbound". The match logic was set to "Match all of the following..." and when adding the rule I selected "Source network group is <group name>".

 

However, after passing some mail through the system I could see from the output in the Reports -> Message Search screen was showing all of these messages as being "Inbound".

 

I went back to the e-mail policy, removed the rule referencing the network group and replaced it with two indvidual rules with exactly the same values as above. With this change applies, I passed some more messages through and it correctly identified them as being outbound.

 

Why did this not appear to work when using the network group value?

 

-Phil.

  • Attila Polinger Veteran 1,161 posts since
    Dec 8, 2009
    Currently Being Moderated
    1. Mar 26, 2013 9:05 AM (in response to PhilM)
    Re: Creating a Network Group with an exception value

    Hi,

     

    I recall having a similar issue at one of our policies where it turned out that you cannot use the same type of rule more than one time within a rule group and apply logic to them. It may not be obvious now and perhaps this has already been somehow addressed (or thought to be), I mentioned it anyway.

     

    Another thing to keep in mind: the rule group type is not meaning that it will apply as per the flow direction by all means. This is for the logging reference/information only.

     

    I hope these are useful pieces of info for you.

     

    Attila

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points