ENS Firewall - how to restrict McAfee core networking

Environment: ENS Firewall under ePO supervision on Windows machine with VPN.

Goal: create a FW rule to block all traffic outside the VPN, while keeping default FW protection for services available via the VPN, and without losing Agent - ePO connectivity, which also uses the VPN.

Questions are:

- How to restrict McAfee core networking traffic to trusted VPN network(s)? The 'McAfee core networking' rule group has no network scope, is read-only, and seems nailed to the top of the list. If one duplicates it to add a trusted 'network scope' restriction, the corrected group will appear under the initial one. This will have no effect on FW behaviour, because rules are processed 'from top to bottom till first match' (link for MAC, see no Windows guide).

- Is it possible to create the rule without using a pre-defined template? The 'Create a New Policy' ePO dialog does not allow skipping the rule template parameter to create an 'empty' rule set.

Accepted Solutions
Pravas
Employee
Re: ENS Firewall - how to restrict McAfee core networking

Hi @polezhaevdmi ,

Not all, but it's possible to disable some of the rules within McAfee Core Networking.

This can be achieved by selecting the 'Disable McAfee core networking rules' option in the Firewall Options. But this might disrupt network communications on the client.

Please refer to the document below, which mentions the rules that can be disabled.

https://docs.trellix.com/bundle/endpoint-security-10.7.x-product-guide-windows/page/GUID-5C381195-22...

Thanks

Re: ENS Firewall - how to restrict McAfee core networking

@Pravas, You are Great!

Using the link you provided, I found confirmation that the 'copy-way' to restrict 'McAfee core networking' is legal and recommended.

The prepared FW rule is provided below. The pair of rules 'Client VPN' (by application) + 'Client Secure GW' (by IP) was created to make the VPN slightly more redundant in case of a software upgrade.

A lot of thanks!

fw_v01.png
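
The thread's ordering problem, and why disabling the built-in group lets the scoped copy take effect, as an added example that is not part of the original posts and not ENS code. It is a simplified first-match model; the rule names, port 53 and the 10.8.0.0/16 VPN range are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "block"
    port: Optional[int] = None    # remote port; None matches any port
    scope: Optional[str] = None   # remote network (CIDR); None matches any network
    builtin: bool = False         # stands in for the read-only built-in group
    enabled: bool = True

def matches(rule, ip, port):
    if not rule.enabled or (rule.port is not None and rule.port != port):
        return False
    return rule.scope is None or ipaddress.ip_address(ip) in ipaddress.ip_network(rule.scope)

def evaluate(rules, ip, port):
    """First enabled rule that matches wins, top to bottom."""
    for rule in rules:
        if matches(rule, ip, port):
            return rule.action, rule.name
    return "block", "no rule matched"

def covers(a, b):
    """True if every connection matched by b is already matched by a."""
    port_ok = a.port is None or a.port == b.port
    scope_ok = a.scope is None or (b.scope is not None and
        ipaddress.ip_network(b.scope).subnet_of(ipaddress.ip_network(a.scope)))
    return port_ok and scope_ok

def shadowed(rules):
    """Enabled rules that can never fire because an earlier enabled rule covers them."""
    live = [r for r in rules if r.enabled]
    return [b.name for i, b in enumerate(live) if any(covers(a, b) for a in live[:i])]

def disable_builtin(rules):
    """Model of turning the built-in group off so only the scoped copy stays active."""
    return [replace(r, enabled=False) if r.builtin else r for r in rules]

# Constructed policy: names, port and the VPN range are illustrative only.
VPN = "10.8.0.0/16"
POLICY = [
    Rule("built-in allow DNS (no scope)", "allow", port=53, builtin=True),
    Rule("copy allow DNS (VPN scope)", "allow", port=53, scope=VPN),
    Rule("block everything else", "block"),
]

if __name__ == "__main__":
    for label, rules in (("built-in on", POLICY), ("built-in off", disable_builtin(POLICY))):
        print(label, evaluate(rules, "198.51.100.7", 53), "shadowed:", shadowed(rules))
```

Running a shadow check like this against an exported rule list before deployment shows whether a scoped copy can ever match, which is the condition the question describes.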
