McAfee 6.1 Marine Radio User Manual


 
McAfee® Host Intrusion Prevention 6.1 Installation/Configuration Guide
Basic Concepts

Firewall feature
The Host Intrusion Prevention Firewall feature acts as a filter between a computer and
the network or Internet it is connected to. The 6.0 Firewall Rules policy uses static
packet filtering with top-down rule matching. When a packet is analyzed and matched
to a firewall rule, with criteria such as IP address, port number, and packet type, the
packet is allowed or blocked. If no matching rule is found, the packet is dropped. The
current version Firewall Rules policy uses both stateful packet filtering and stateful
packet inspection.
Other features include:
- A Quarantine Mode into which client computers can be placed and to which you can apply a strict set of firewall rules that defines with whom quarantined clients can and cannot communicate.
- Connection Aware Groups that let you create specialized rule groups based on a specific connection type for each network adapter.

Firewall rules
You can create firewall rules as simple or complex as you need. Host Intrusion Prevention supports rules based on:
- Connection type (network or wireless).
- IP and non-IP protocols.
- Direction of the network traffic (incoming, outgoing, or both).
- Applications that generated the traffic.
- Service or port used by a computer (as the recipient or the sender).
- Service or port used by a remote computer (as the sender or the recipient).
- Source and destination IP addresses.
- Time of day or week that the packet was sent or received.
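
The top-down matching with a default drop described under Firewall feature, using a few of the criteria listed above, shown as an added Python illustration that is not McAfee code or policy syntax. The Rule fields, rule names and sample addresses are constructed; the shadowed() check shows why rule order matters in a first-match policy.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "block"
    direction: str   # "in", "out" or "both"
    protocol: str    # "tcp", "udp" or "any"
    remote: str      # remote network, CIDR
    ports: range     # destination ports covered

    def matches(self, pkt):
        return (self.direction in ("both", pkt["direction"])
                and self.protocol in ("any", pkt["protocol"])
                and ip_address(pkt["remote"]) in ip_network(self.remote)
                and pkt["port"] in self.ports)

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        return (self.direction in ("both", other.direction)
                and self.protocol in ("any", other.protocol)
                and ip_network(other.remote).subnet_of(ip_network(self.remote))
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)

def evaluate(rules, pkt):
    """First matching rule wins (top-down); no match means the packet is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "drop", None

def shadowed(rules):
    """(later, earlier) pairs where a single earlier rule fully covers a later one,
    so the later rule can never fire. Coverage by a union of rules is not checked."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if earlier.covers(later)]

# Constructed sample policy (documentation address ranges), listed in match order.
POLICY = [
    Rule("allow-web-in", "allow", "in", "tcp", "0.0.0.0/0", range(80, 81)),
    Rule("allow-admin-ssh", "allow", "in", "tcp", "192.0.2.0/24", range(22, 23)),
    Rule("block-all-tcp-in", "block", "in", "tcp", "0.0.0.0/0", range(0, 65536)),
    Rule("allow-rdp-helpdesk", "allow", "in", "tcp", "192.0.2.10/32", range(3389, 3390)),
    Rule("allow-dns-out", "allow", "out", "udp", "0.0.0.0/0", range(53, 54)),
]
print(shadowed(POLICY))
```

Moving allow-rdp-helpdesk above block-all-tcp-in changes the verdict for that host from block to allow, which is the ordering effect the shadow check is meant to surface.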
Client firewall rules
As with the IPS rules, a client in Adaptive or Learn mode can create client rules to allow
blocked activity. You can track the client rules and view them in a regular and
aggregated view. Use these client rules to create new policies or add them to existing
policies that can be applied to other clients.