3 Replies Latest reply on Mar 16, 2015 11:15 AM by mike18

    Application Defense Group and Profile


      Hi Everyone,


      I was reading the MCafee Product guide.

      IT says that there are 5 predefined Application Defense Groups and 5 Application Defense Profiles.

      Also all 5 have same name in both Application Defense Group and Application Defense Profile.


      Little confused are Application Defense Group and Profile is same thing?

      Is Application defense group===application Defense profile?


      Is there any difference between two?





        • 1. Re: Application Defense Group and Profile



          If you had worked with an earlier version of the product this can be a little confusing. As with your 'proxy' question, I suggest you have a look at Sam Liedl's document on how the various elements of v8 hang together.


          In older versions of the product, the proxy/service definition included basic protocol settings and time-out values and if you then wanted to apply specific protocol-level tweaks (filtering out protocol commands and such like) you then created and applied an application defense to the rule.


          With v8, the basic settings have been removed from the service definition - so if you create a service on TCP port 1234, that is all it is and nothing more. Now when you create the rule, you must apply an application defense [b]group[/b]. An application defense group must include a "generic" defense entry (this is the basic timeout values) and can then include one or more protocol-specific application defenses. How these are configured makes all the difference on how traffic passing through that rule is handled and this is what Sam's document explains.



          • 2. Re: Application Defense Group and Profile

            Here is the document I have been referring to - The basics of policy creation at version 8

            • 3. Re: Application Defense Group and Profile

              Many thanks Phil i will have look.