0 Replies Latest reply on Apr 24, 2013 3:28 PM by wdingus

    Firewall Questions

      I wonder if someone could educate me...

       

      The firewall component of SAAS/TPS is typically used in what scenarios? Is it designed primarily for web servers or other devices with public IPs and direct exposure to the internet? Is there much if any value having it on a computer with an RFC1918 private IP behind a NAT router with zero direct internet-initiate connections possible to it? Does it do anything for outbound connections from the computer to "internet" locations?

       

      We've installed it on a few test PCs and are not entirely certain what it's doing for us. It's definitely an inbound "firewall" in that services on the PC are inaccessible unless we specifically set that port open, etc... If there is any outbound blocking, we've not seen that yet, are not real sure what happens. On https://mcafeeasap.com/ under Reports / Inbound Events Blocked by Firewall there are log entries but they don't really make a lot of sense. The "Computer" and "Originating IP Address" are the same, public IPs for Google and Facebook, etc.. The PCs are all behind a NAT router such that Facebook can't directly connect to them. The "Event" is BANNEDIPTCP or BANNEDIPICMP and similar, which sounds like an outbound connection from the PC out to that IP was blocked. We didn't see any evidence of that, and are not sure why IPs belonging to Facebook or Google or similar companies are being blocked. If indeed that's what the report on the website is telling us about. Which it doesn't really sound like since the report name has "Inbound" in the title.

       

      So maybe there is some RTFM documentation out there we've managed to overlook?

       

      Thanks...