250 Views 2 Replies Latest reply: Feb 11, 2014 8:06 AM by jaroslav_vykoukal
jaroslav_vykoukal Newcomer 4 posts since
Jun 25, 2013

Feb 10, 2014 10:43 AM

HIP8.0 - Trusted Networks

Hello,

 

I'm not new to McAfee or HIP itself; however, I'd like to summarize my assumptions and, if possible, get some confirmation from you guys.

 

The first question, which has been bugging me for quite some time, is the connection between "Trusted Networks" and a firewall rule where I specify remote/local networks with the value "Trusted".

My understanding is that Trusted Networks should take priority over all other firewall rules, but then I somehow fail to understand what is hidden under this "Trusted" value under creation of new rules.

 


 

Second question - In the past I have had a few systems where, even though I had ranges specified in Trusted Networks, the system was not able to access, i.e., a printer, even though it fit the range (the policy was replicated and of course there was no other rule blocking this). Yes, I have a LAG applied to allow traffic over specific DNS; however, the systems had problems only from home, thus VPN connected. Now, is there some different process for VPNing while I still have Trusted Networks set?

I understand that the connection then went not directly to this specific device but over VPN, thus the range didn't meet the criteria - but there was no related information in the Activity log or FireSvc.log (a bunch of DNS mismatches ...)

 

I hope I didn't make this very confusing.

  • Kary Tankink McAfee Employee 659 posts since
    Mar 3, 2010
    1. Feb 10, 2014 10:59 AM (in response to jaroslav_vykoukal)
    Re: HIP8.0 - Trusted Networks

    First Question:

     

    My understanding is that Trusted Networks should take priority over all other firewall rules, but then I somehow fail to understand what is hidden under this "Trusted" value under creation of new rules.

     

    Except for TrustedSource exceptions, Trusted Network entries, by themselves, do nothing in the HIPS Firewall (i.e., the IP addresses are not "whitelisted" for traffic).  In order for a Firewall Rule to apply to the list of networks in the Trusted Networks policy, you must create a firewall rule and set the Local/Remote Host to "Trusted".

     

     

     

    Second Question:

    I have had in past few systems where even though I have had in Trusted Networks specified ranges. System was not able to access i.e. Printer even though it was fitting the range.

    See #1 above.  If you did not have a Firewall rule for "Trusted", the network traffic would not be allowed for Trusted Networks.  VPN traffic should be allowed via Firewall Rules above any Location Aware Group (same as the Allow Loopback traffic rule).
