Best practices for Firewall

We recommend that you configure these firewall rules that protect your system in line with your organizational requirements.

  • McAfee Endpoint Security for Mac is shipped with a set of default firewall rules. We recommend that you use them as starting point, and modify them according to your organizational requirements.
  • If your organization does not have a firewall policy or if this is the first time your organization uses a firewall policy, we recommend that you use the default corporate policy. After, you can use the Adaptive mode for further fine tuning.
    Important: We strongly suggest not to run Adaptive mode in production.
  • Remember that Adaptive mode must be used to fine-tune the firewall rule sets. So, run Adaptive mode only for short duration to identify the organizational requirements.
  • Create Defined Networks for easier rule creation and management.
  • Configure the DNS blocking feature to block the known unwanted domains.
  • Always use firewall rule groups to organize the rules in an efficient way.
  • Make rules as specific as possible.

    For example, to allow access to a particular website, provide the name or IP address, with the port number.

  • Use more specific rules on the top of the rules set and the generic one toward the end.

    For example, to give access to a particular website for all Mac users in the organization except one system, create a specific deny rule to block the website on that particular system first.

  • Because Firewall validates rules using a top-down approach, we recommend that you always revisit the rules completely to avoid the loopholes.