Create timed groups

Create Firewall timed groups to restrict Internet access until a client system connects over a VPN.


  1. Select MenuPolicyPolicy Catalog, then select Endpoint Security Firewall from the Product list.
  2. From the Category list, select Rules.
  3. Click the name of an editable policy.
  4. Create a Firewall group with default settings that allow Internet connectivity.
    For example, allow port 80 HTTP traffic.
  5. In the Schedule section, select how to enable the group.
    • Enable schedule — Specifies a start and end time for the group to be enabled.
    • Disable schedule and enable the group from the McAfee system tray icon — Allows users to enable the group from the McAfee system tray icon and keeps the group enabled for the specified number of minutes.

      If you allow users to manage the timed group, you can optionally require that they provide a justification before enabling the group.

  6. Create a connection isolation group that matches the VPN network to allow necessary traffic.
    Tip: Best practice: To allow outbound traffic from only the connection isolation group on the client system, don't place any Firewall rules below this group.
  7. Click Save.