2 Replies Latest reply: Jun 24, 2013 9:02 PM by pwctw

    What's different between "Trusted Applications" and "Firewall Rules" in HIP

    pwctw

      Hi all,

       

      If I want to make VNC (Remote access application) pass through HIP, which policy do I have to configure?

       

      "Trusted Applications"? or "Firewall Rules"?

       

      Actually, it works when I only add a firewall rule in "Firewall Rules", and it doesn't work when I only add VNC application in "Trusted Applications",

       

      but I'm still wondering what's different between "Trusted Applications" and "Firewall Rules" in HIP?

       

      Thanks

        • 1. Re: What's different between "Trusted Applications" and "Firewall Rules" in HIP
          Kary Tankink
          If I want to make VNC (Remote access application) pass through HIP, which policy do I have to configure?

          Firewall rules would be your best bet.

           

           

          Actually, it works when I only add a firewall rule in "Firewall Rules", and it doesn't work when I only add VNC application in "Trusted Applications",

           

          but I'm still wondering what's different between "Trusted Applications" and "Firewall Rules" in HIP?

           

          Trusted Applications work by allowing an application executable to bypass most of HIPS (not all).

           

          • For Firewall trusts, all OUTGOING IP-based traffic would be allowed for the executable. For all INBOUND-initiated network traffic, you would need to create a firewall rule to allow it.
          • For IPS trusts, most IPS signatures will be bypassed for the trusted application, but not all. For the others, IPS exceptions will be required.

           

          KB71704 - Host Intrusion Prevention Trusted Applications defined

          • 2. Re: What's different between "Trusted Applications" and "Firewall Rules" in HIP
            pwctw

            Thanks Kary, very useful and clear information, thank you!