2 Replies Latest reply: Feb 11, 2014 8:06 AM by jaroslav_vykoukal

    HIP8.0 - Trusted Networks

    jaroslav_vykoukal

      Hello,

      I'm not new to McAfee nor HIP itself; however, I'd like to summarize my assumptions and, if possible, get some confirmation from you guys.

      The first question, which has been bugging me for quite some time, is the connection between "Trusted Networks" and a firewall rule where I specify remote/local networks with the value "Trusted".

      My understanding is that Trusted Networks should take priority over all other firewall rules, but then I somehow fail to understand what is hidden under this "Trusted" value when creating new rules.

      Second question - I have had in the past a few systems where, even though I had ranges specified in Trusted Networks, the system was not able to access, i.e., a printer, even though it fit the range (the policy was replicated and of course there was no other rule blocking this). Yes, I have a LAG applied to allow traffic over specific DNS; however, the systems had problems only from home, thus VPN connected. Now, is there some different process for VPNing while I still have Trusted Networks set?

      I understand that the connection then went not directly to this specific device but over VPN, thus the range didn't meet the criteria - but there was no related information in the Activity log nor in FireSvc.log (a bunch of DNS mismatches ...).

      I hope I didn't make this very confusing.

        • 1. Re: HIP8.0 - Trusted Networks
          Kary Tankink

          First Question:

          My understanding is that Trusted Networks should take priority over all other firewall rules, but then I somehow fail to understand what is hidden under this "Trusted" value when creating new rules.

          Except for TrustedSource exceptions, Trusted Network entries, by themselves, do nothing in the HIPS Firewall (i.e., the IP addresses are not "whitelisted" for traffic). In order for a Firewall Rule to apply to the list of networks in the Trusted Networks policy, you must create a firewall rule and set the Local/Remote Host to "Trusted".

          Second Question:

          I have had in the past a few systems where, even though I had ranges specified in Trusted Networks, the system was not able to access, i.e., a printer, even though it fit the range.

          See #1 above. If you did not have a Firewall rule for "Trusted", the network traffic would not be allowed for Trusted Networks. VPN traffic should be allowed via Firewall Rules above any Location Aware Group (same as the Allow Loopback traffic rule).
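A simplified model of the rule evaluation described in this reply, added here as an illustration and not McAfee's code: it assumes ordered first-match evaluation, an implicit block when no rule matches, and that the "Trusted" host value is resolved against the Trusted Networks list at evaluation time. The network ranges and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed Trusted Networks policy entries (placeholder ranges).
TRUSTED_NETWORKS = ["10.10.0.0/16", "192.168.50.0/24"]


@dataclass
class Rule:
    name: str
    action: str               # "allow" or "block"
    remote_host: str          # a CIDR, "Any", or the special value "Trusted"
    port: Optional[int] = None


def host_matches(rule_host: str, ip: str, trusted: List[str]) -> bool:
    addr = ipaddress.ip_address(ip)
    if rule_host == "Any":
        return True
    if rule_host == "Trusted":
        # "Trusted" is only meaningful inside a rule: it resolves to the
        # Trusted Networks list rather than allowing anything on its own.
        return any(addr in ipaddress.ip_network(n) for n in trusted)
    return addr in ipaddress.ip_network(rule_host)


def evaluate(rules: List[Rule], remote_ip: str, port: int,
             trusted: List[str] = TRUSTED_NETWORKS) -> str:
    """First matching rule wins (assumed); no match means the traffic is blocked.
    The Trusted Networks list by itself never produces an allow."""
    for r in rules:
        if host_matches(r.remote_host, remote_ip, trusted) and (r.port is None or r.port == port):
            return r.action
    return "block"


# Scenario A: Trusted Networks defined, but no rule referencing "Trusted".
NO_TRUSTED_RULE = [Rule("Allow loopback", "allow", "127.0.0.0/8")]
# Scenario B: an explicit allow rule whose remote host is "Trusted".
WITH_TRUSTED_RULE = NO_TRUSTED_RULE + [Rule("Allow trusted networks", "allow", "Trusted")]

PRINTER = "10.10.5.20"         # constructed: inside a trusted range
VPN_PEER = "172.16.99.1"       # constructed: address seen over VPN, outside every trusted range

if __name__ == "__main__":
    for label, rules in (("no Trusted rule", NO_TRUSTED_RULE), ("with Trusted rule", WITH_TRUSTED_RULE)):
        print(label, "printer:", evaluate(rules, PRINTER, 9100), "vpn peer:", evaluate(rules, VPN_PEER, 9100))
```

Scenario A reproduces the symptom in the question (printer in range, still blocked); scenario B is the fix, and the VPN address shows why a range-based "Trusted" rule does not help when the observed remote address is outside the listed ranges.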

          • 2. Re: HIP8.0 - Trusted Networks
            jaroslav_vykoukal

            Thanks a lot, it seems that for some reason I totally omitted this due to problems with TrustedSource rating.

            Makes sense, and again thanks!