sunhux
asked on
Manageability, bugs/issues with McAfee firewall
We are contemplating whether to use McAfee Endpoint Security's firewall or Windows Firewall
on our 30+ branches: the branches have some crucial desktops running database services.
Though the branches (ie spokes) connect back to our DC (ie hub), potentially some branches
may have their own broadband (or even just 4G).
It's a debate between our Windows desktop & our firewall admins which one to use.
I know in Deep Security previously, I had to create numerous 'policies': one for each
branch, though the branches have the same desktops running database services listening
on the same ports, and when I upgraded the agents centrally from the EPO, I had run into
issues: modules (eg Firewall or File Integrity Monitoring) that were not enabled previously
(say for servers) got auto-enabled.
So not sure if McAfee Firewall has similar or any other issues: kindly elaborate.
SOLUTION
Yes you can manage it, but it's not really a useful way when you have critical work that needs an immediate response. Say you get a request to open port 1050 on a certain branch and you have to do it immediately; in that case GPO is not going to be the right solution.
Plus you might come across issues like replication not working between DCs, etc.
ASKER
I have a requirement to block only 3 TCP ports on 50 PCs (in 25 branch offices):
these PCs run stripped-down DB2 services & I only want PCs in the same subnet
to connect to them. The TCP ports are 523, 8000, 50000.
These 25 branches are in the subnets (with their default gateway 10.2.X.1)
10.2.2.0 /24 ==> so permit only 10.2.2.X to connect to its 3 ports above (incoming Tcp)
10.2.3.0 /24 ==> so permit only 10.2.3.X to connect to its 3 ports above (incoming Tcp)
. . .
10.2.27.0 /24 ==> so permit only 10.2.27.X to connect to its 3 ports above (incoming Tcp)
We would like to use McAfee Endpoint Security (ver 10.5) to do this blocking but we had
run into several McAfee disruptions (possibly a bug, possibly unfamiliarity) & the solution
below did not meet what we want because:
We don't want to block by executables but by TCP ports & I don't want a default "block-all
rule" but a default "permit-all rule" with rules only blocking the 3 specific TCP ports.
https://community.mcafee.com/t5/ePolicy-Orchestrator/Allow-Rule-for-Executable-Blocked-by-Default-Block-All-Rule/m-p/456526#M47784
Using Windows 7 Firewall is not an option for us (for some reason).
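The requirement in the post above (default permit, block only TCP 523, 8000 and 50000 from outside each PC's own /24, with one rule set that works in all 25 branches) can be met without a policy per branch if the PC computes the complement of its own subnet at run time. The script below is an added example written for this page, not code from the asker, the answering experts or McAfee; it shows the Windows Firewall side of the debate (via netsh, which exists on Windows 7 and later) rather than ENS 10.5. The rule names and the "first adapter with a default gateway" selection are assumptions made here. The caveat that makes the complement necessary: Windows Firewall evaluates block rules ahead of allow rules and cannot negate a scope, so a block rule for "any" remote address would also defeat a LocalSubnet allow rule.

```powershell
# Added example for this page (not code from the asker, the answering experts or McAfee).
# Builds the rule set the asker describes with the built-in Windows Firewall via netsh:
# inbound TCP 523, 8000 and 50000 stay reachable from the PC's own subnet and are blocked
# from every other address, while all other traffic is left to the profile's default.
# The rule names and the "first adapter with a default gateway" selection are assumptions.
# Run in an elevated PowerShell session.

$Ports         = '523,8000,50000'               # DB2 listener ports from the question
$AllowRuleName = 'BranchDB2-AllowLocalSubnet'   # hypothetical names, kept free of spaces
$BlockRuleName = 'BranchDB2-BlockOtherSubnets'  # so netsh needs no extra quoting

# Dotted-quad <-> integer helpers. Everything is kept in int64 to avoid the signed-integer
# surprises PowerShell's bitwise operators produce on 32-bit values.
function ConvertTo-IpNumber ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)
    return [int64][BitConverter]::ToUInt32($b, 0)
}
function ConvertFrom-IpNumber ([int64]$N) {
    $b = [BitConverter]::GetBytes([uint32]$N)
    [Array]::Reverse($b)
    return (New-Object System.Net.IPAddress -ArgumentList (,[byte[]]$b)).ToString()
}

# Returns the address ranges OUTSIDE the subnet $Ip/$Mask in netsh "start-end" syntax.
# Windows Firewall cannot negate a scope, so the block rule must list the complement
# explicitly; computing it here is what makes one script valid for every branch's /24.
function Get-OutsideSubnetRanges ([string]$Ip, [string]$Mask) {
    $maskN  = ConvertTo-IpNumber $Mask
    $netN   = (ConvertTo-IpNumber $Ip) -band $maskN
    $bcastN = $netN -bor ((-bnot $maskN) -band 0xFFFFFFFF)
    $ranges = @()
    if ($netN -gt 0)            { $ranges += ('0.0.0.0-' + (ConvertFrom-IpNumber ($netN - 1))) }
    if ($bcastN -lt 0xFFFFFFFF) { $ranges += ((ConvertFrom-IpNumber ($bcastN + 1)) + '-255.255.255.255') }
    return $ranges
}

# Pick the adapter that carries the branch LAN: first IP-enabled NIC with a default gateway.
$nic  = Get-WmiObject Win32_NetworkAdapterConfiguration |
        Where-Object { $_.IPEnabled -and $_.DefaultIPGateway } | Select-Object -First 1
$ip   = @($nic.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })[0]
$mask = @($nic.IPSubnet  | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })[0]
if (-not $ip -or -not $mask) { throw 'No IPv4 address with a default gateway found.' }

$outside = @(Get-OutsideSubnetRanges $ip $mask)
if ($outside.Count -eq 0) { throw "Subnet $ip/$mask covers all of IPv4; nothing to block." }
$remote = $outside -join ','
Write-Host "Local subnet $ip/$mask; blocking inbound TCP $Ports from: $remote"

# Delete any previous copies first so the script is idempotent (safe as a GPO startup script).
foreach ($name in $AllowRuleName, $BlockRuleName) {
    netsh advfirewall firewall delete rule name=$name | Out-Null
}
# The allow rule only matters on a profile whose inbound default is Block; it is harmless on a
# default-Allow profile. Its scope never overlaps the block rule's complement ranges, so the
# block rule (evaluated ahead of allow rules) cannot cancel it.
netsh advfirewall firewall add rule name=$AllowRuleName dir=in action=allow protocol=TCP localport=$Ports remoteip=localsubnet
netsh advfirewall firewall add rule name=$BlockRuleName dir=in action=block protocol=TCP localport=$Ports remoteip=$remote
```

On a PC at 10.2.3.15/24 this produces the remote scope `0.0.0.0-10.2.2.255,10.2.4.0-255.255.255.255`, so the same script deployed to all 25 branches yields the per-subnet result the asker lists, and `netsh advfirewall firewall show rule name=BranchDB2-BlockOtherSubnets` is the check that the computed scope landed on each machine.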
ASKER CERTIFIED SOLUTION
ASKER
Windows Firewall:
https://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/