214
McAfee UTM Firewall 4.0.4 Administration Guide
Firewall menu options
Access control
• Default: 1800
6. Click Submit.
Disabling security policy enforcement
1. From the Firewall menu, click Access Control > Policy tab. The Policy Enforcement page appears.
2. Clear the Enable Policy Enforcement checkbox.
3. Click Submit.
Creating a security policy group
Use this procedure to create a security policy enforcement group. A selection of different hosts can be
defined along with allowed and disallowed services. The security policy enforcement feature of access
control periodically scans for policy adherence.
The actual definition of these policy groups is very flexible. In particular, hosts are allowed to be present in
multiple security policy groups. If this is the case, an allowed service in any of the groups overrides a
denied service in all the other groups to which the host belongs. Also, if additional security scripts are
specified, then all such scripts will be run against the target host once each and any single failure denies
access.
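The precedence rule above can hide a deny: a host placed in a second group inherits that group's allowed services. The following Python sketch is an added example, not code from the guide or the product. It merges group definitions to show each host's effective policy and which denies are cancelled. The group names, addresses, services and script names are constructed, and treating a denied service found running as a reason to deny access is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyGroup:
    name: str
    hosts: set
    allowed: set = field(default_factory=set)    # Allowed Services
    denied: set = field(default_factory=set)     # disallowed services
    scripts: list = field(default_factory=list)  # additional security scripts

def effective_policy(host, groups):
    """Merge every group that contains host using the guide's precedence rule."""
    mine = [g for g in groups if host in g.hosts]
    allowed = set().union(*(g.allowed for g in mine))
    all_denied = set().union(*(g.denied for g in mine))
    # An allow in ANY group cancels a deny in all the host's other groups.
    overridden = {
        svc: {"denied_by": sorted(g.name for g in mine if svc in g.denied),
              "allowed_by": sorted(g.name for g in mine if svc in g.allowed)}
        for svc in sorted(all_denied & allowed)
    }
    # Every script from every group runs once, so de-duplicate in order.
    scripts = list(dict.fromkeys(s for g in mine for s in g.scripts))
    return {"allowed": allowed, "denied": all_denied - allowed,
            "overridden": overridden, "scripts": scripts}

def access_granted(policy, running, script_passed):
    """running: services seen on the host; script_passed: script name -> bool."""
    violations = sorted(policy["denied"] & set(running))
    # Any single script failure denies access; a missing result is
    # counted as a failure here (assumption).
    failed = [s for s in policy["scripts"] if not script_passed.get(s, False)]
    return (not violations and not failed), violations, failed

# Constructed sample groups (names, hosts, services and scripts are illustrative).
GROUPS = [
    PolicyGroup("servers", {"10.0.0.5", "10.0.0.6"}, denied={"telnet", "ftp"},
                scripts=["patch_level.nasl"]),
    PolicyGroup("legacy-apps", {"10.0.0.5"}, allowed={"ftp"},
                scripts=["patch_level.nasl", "smb_signing.nasl"]),
]

if __name__ == "__main__":
    p = effective_policy("10.0.0.5", GROUPS)
    print("effective denied:", p["denied"])
    print("denies cancelled by another group:", p["overridden"])
    print(access_granted(p, {"ftp", "ssh"},
                         {"patch_level.nasl": True, "smb_signing.nasl": False}))
```

Reviewing the "overridden" entries before adding a host to an additional group shows which denies that membership would cancel.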
Prerequisites:
• Define addresses and services groups. See Addresses page and Creating a service group.
• Enable policy enforcement. See Enabling security policy enforcement.
• Upload and test NASL scripts (optional). See Uploading a NASL script and Managing policy enforcement scripts.
To create a security policy group:
1. From the Firewall menu, click Access Control > Policy tab. The Policy Enforcement page appears.
2. To configure a Security Group, click New. The Modify Security Policy Group page appears (Figure 216).
Figure 216 Policy tab — Modify Security Policy Group
3. Enter a name for the policy group in the Name field. The Name field must be unique across all security policy groups. The name can be 1 or more characters of any type.
4. [Optional] Enter a description in the Description field.
5. Select the host from the Scanned Host list. The entries available in the list are defined in the Addresses page. For information, see Addresses page.
6. [Optional] Select a service group from the Allowed Services list. The service group specifies the services which the hosts in this group are allowed to run. These services are not scanned for during the security policy scans of the included hosts. The entries available in the list are defined in the Service Groups page. For information, see Service Groups page.