Have you tried setting up a Connection Aware Group within your firewall? Try creating a new policy with a CAG defined. A CAG is basically a rule within the firewall that says if a DNS name/default gateway/DHCP/etc. matches one of the values listed within the CAG, then it will allow any/any for internal traffic.
Here is a high-level McAfee overview about CAGs:
Otherwise you will have to do what you are doing, and create specific rules in the FW table for traffic that is internal.
Thanks for the response!
I'm pretty sure I created a CAG. Under HIPS, I am running 'typical corporate fw policy' (FW rule). I have allowed DNS in either direction as well as allowed incoming NetBIOS. When I try to do an nslookup from the file share server it doesn't resolve. I then check the HIPS logs on the DC and I see that DNS is getting blocked. I'm not sure why. The block rule that it's hitting is 'Block All Traffic'. Does anyone know where this is? I only have 3 policies for HIPS (FW options, FW rules, DNS block which is by default).
I know that HIPS is blocking DNS and NetBIOS because I can see it in the logs... I'm not sure if I need to allow it anywhere else.
Try setting the FW rules for any direction (for ports 137/138) and see if that works for NetBIOS. The HIPS firewall doesn't always work as expected.
If you did have a CAG or it was set up correctly, it would not be blocking this.
The "Block All Traffic" is a default rule in the firewall table that you will not see except on the end client when it is being hit; basically, if it cannot match a rule within the table, it will default to the built-in Block All Traffic - which leads me to believe that if you do have a CAG set up, it is not being done correctly.
You can do what drliv1980 is saying and start creating single rules, but that will leave you creating all types of rules every time something is tripped. It is much more efficient and easy to set up a CAG for internal traffic.