Configure a Firewall Options policy

Configure the Firewall Options policy and enforce it to managed Mac.

You can define these settings in the Firewall Options policy.

  • Enable or disable Firewall protection on managed Mac.
  • Enable or disable Adaptive mode on managed Mac.
  • Retain existing client rules when enforce Firewall policy.
  • Define maximum time limit for TCP, UDP, and ICMP connections time out.
  • Define networks

For details about product features, usage, and best practices, click ? or Help.

Task

  1. Log on to the McAfee ePO server as an administrator.
  2. From the Policy Catalog, select Endpoint Security Firewall as the product, then select Options as the category.
  3. Click New Policy, type a name for the policy, then click OK.
  4. On the Policy Catalog page, click the policy that you created, then define these settings.
    In... Configure...
    Firewall Enable Firewall — Enables or disables Firewall protection on managed Mac.
    Tuning Options
    • Enable Adaptive mode (create rules on the clients automatically — Enables Adaptive mode on managed Mac.
    • Retain existing user added rules and Adaptive mode rules when this policy is enforced — Retains rules created locally on the managed Mac and the Adaptive mode rules.
    Stateful Firewall
    • No. of seconds (1 -240) before TCP connections time out
    • No. of seconds (1 -240) before UDP and ICMP echo virtual connections time out
      Note: The default value is 30 seconds.
    • Use FTP Protocol Inspection — Creates dynamic rules for FTP data connections by actively monitoring the FTP commands on the control channel.
    DNS Blocking Domain Name — Specify domain names.

    For more information, see Configure DNS Blocking.

    Defined Networks

    In Add Defined Networks

    • Single IP
    • Subnet
    • Local Subnet
    • Range
    • Fully qualified domain name
    • Any local IP address
    • Any IPV4 Address

    Select the option from the Trusted drop-down list.

    • Yes — The network is trusted automatically.
    • No — The network is not trusted automatically. The network is allowed or blocked according to the rule settings.

  5. Click Save.