522 Views 4 Replies Latest reply: Aug 30, 2013 6:59 AM by kvt
kvt Newcomer 5 posts since
Jan 27, 2011
Aug 29, 2013 12:59 PM

MFE 8.3.1 Creating Custom Applications

OK, I have not worked with version 8.x much; I have been stuck on the old version 7.x, but here goes.

I have some applications I have to let through the new MFE, but they are not listed in the Applications, and I do not find anything close to what I need. Thus I create a new custom application, select TCP/UDP, and put in the TCP port I need it to allow through.

Then I create my Access Control Rule and select the new application I just created, the multiple source hosts on the internal zone and the endpoints on the external zone, and finish out the rest of the basic config.

Now, when watching the audit, I see it show up as a TCP net probe from my selected host to the proper destination host, on the port it is supposed to be on, with a reason of:

Received a TCP connection attempt destined for a service that the current policy does not support. 

Any suggestions or help that anyone can recommend? I have several of these custom applications that I must get working.

Thanks

KVT

  • vetterous Newcomer 9 posts since
    May 27, 2011
    1. Aug 29, 2013 3:59 PM (in response to kvt)
    Re: MFE 8.3.1 Creating Custom Applications

    Are you using application defenses? Have you tried using the connection settings application defense on the rule, just to test if a filter would work?

  • sliedl McAfee SME 536 posts since
    Nov 3, 2009
    2. Aug 29, 2013 4:44 PM (in response to kvt)
    Re: MFE 8.3.1 Creating Custom Applications

    What is the dest_zone in the audit message?

    Do a 'route -n get [dest. IP]' on the firewall to make sure the destination IP is routed out the correct interface (and thus zone).

  • PhilM Champion 528 posts since
    Jan 7, 2010
    3. Aug 30, 2013 4:09 AM (in response to kvt)
    Re: MFE 8.3.1 Creating Custom Applications

    The process you explain is essentially correct. For "Proxy" in version 6, think "Service" in version 7, and "Application" in version 8.

    If you wish to create a custom "application" definition, you do exactly what you say: create a new entry, select the TCP/UDP radio button and specify the required ports (assuming it is TCP- or UDP-based).

    When you save this entry and look at it in the application list, you will see that it is referred to as an "Infrastructure Service".

    If you need to work with multiple services you can create an application group, but as v8 now allows multiple applications, sources and destinations to be added individually to a rule, it isn't quite so important to do so.

    Then you create your rule. Like version 7, as soon as a rule has been created the underlying process (daemond, I think) should start a listener service in anticipation of traffic on that port. Sam (sliedl) will be able to confirm, but I think the exception to this is if the rule has an application defense assigned that switches behaviour into basic packet filter mode.

    If the audit is reporting a netprobe event, this would suggest that you have either created the custom application incorrectly (wrong ports), haven't assigned the application in question to the rule, or the client service is actually using different ports to the ones you think it should be using.

    -Phil.
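
The checks Phil lists (wrong ports in the custom application, application not assigned to the rule, client on a different port) together with Sam's dest_zone/routing check, written up as a small Python troubleshooting script. This is an added example, not from the thread or from McAfee; the audit line and policy objects are constructed, and the "key: value" audit layout and field names (src_zone, dest_zone, dest_ip, protocol, dest_port) are assumptions rather than the real MFE audit format.

```python
import re

# Constructed audit line in an assumed "key: value" layout; not a real MFE capture.
SAMPLE_AUDIT = (
    "t_netprobe src_zone: internal dest_zone: external src_ip: 10.1.1.25 "
    "dest_ip: 203.0.113.10 protocol: 6 dest_port: 5555 reason: Received a TCP "
    "connection attempt destined for a service that the current policy does not support."
)

# Constructed policy: one custom TCP application and the rule that references it.
APPLICATIONS = {"MyCustomApp": {"protocol": 6, "ports": {5555}}}
RULES = [{"name": "allow-custom", "applications": {"MyCustomApp"},
          "src_zone": "internal", "dest_zone": "dmz"}]

PROTO_NAMES = {6: "TCP", 17: "UDP"}


def parse_audit(line):
    """Pull the fields the thread cares about out of a 'key: value' audit line."""
    fields = dict(re.findall(r"(\w+): (\S+)", line))
    return {"protocol": int(fields["protocol"]), "dest_port": int(fields["dest_port"]),
            "src_zone": fields["src_zone"], "dest_zone": fields["dest_zone"],
            "dest_ip": fields["dest_ip"]}


def diagnose(audit, applications, rules):
    """Return the likely causes of the netprobe, in the order the replies check them."""
    proto, port, dzone = audit["protocol"], audit["dest_port"], audit["dest_zone"]
    pname = PROTO_NAMES.get(proto, str(proto))
    causes = []
    # 1. Does any application definition actually cover this protocol/port?
    covering = {name for name, app in applications.items()
                if app["protocol"] == proto and port in app["ports"]}
    if not covering:
        causes.append(f"no application defines {pname}/{port}: check the custom "
                      f"application's ports or what port the client really uses")
        return causes
    # 2. Is a covering application assigned to any rule?
    on_rule = [r for r in rules if r["applications"] & covering]
    if not on_rule:
        causes.append(f"{sorted(covering)} cover {pname}/{port} but no rule references them")
    # 3. Does the rule's dest_zone match the zone the packet is actually routed to?
    for r in on_rule:
        if r["dest_zone"] != dzone:
            causes.append(f"rule {r['name']!r}: audit dest_zone {dzone!r} != rule dest_zone "
                          f"{r['dest_zone']!r}; verify with 'route -n get {audit['dest_ip']}'")
    return causes


if __name__ == "__main__":
    for cause in diagnose(parse_audit(SAMPLE_AUDIT), APPLICATIONS, RULES) or ["no cause found"]:
        print(cause)
```

With the constructed sample, the application and rule are fine but the rule's dest_zone (dmz) does not match the zone the audit shows (external), which is exactly the case Sam's `route -n get` check is meant to surface.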
