Manualshelf

Installation guide

ManualsBrandsMcafee ManualsOtherFIREWALL 2.1-GETTING STARTED
919293949596979899100
92
Chapter 10 Configuring Routing and Installing Policies
Installing the Initial Policy
To be able to inspect traffic, the engines must have a policy installed on them. Installing one of
the predefined policies provides an easy way to begin using the system. You can then fine-tune
the system as needed. The following table describes the default policy elements for IPS and
Layer 2 Firewall engines.
Table 10.1 Default Policy Elements for IPS and Layer 2 Firewall Engines
Element
Type
Default
Element
Name
Description
IPS
Template
Policy
IPS Template
A Template Policy that contains the predefined Access rules necessary
for the IPS engine to communicate with the SMC and some external
components.
The IPS Template Policy uses Inspection rules from the High-Security
Inspection Policy. The IPS Template Policy provides an easy starting point
for determining what kinds of rules your system needs.
IPS Policy
Customized
High-Security
Inspection
IPS Policy
An IPS Policy that is based on the IPS Template. The Customized High-
Security Inspection IPS Policy contains a set of customized rules that
were used when the IPS was tested at ICSA Labs and NSS Labs.
Default IPS
Policy
An IPS Policy that is based on the IPS Template. The Default IPS Policy
does not add any rules to those defined in the IPS Template. It allows
you to install the predefined rules in the IPS Template on the IPS engine
right after installation (since Template Policies cannot be installed on the
engines).
Layer 2
Firewall
Template
Policy
Layer 2
Firewall
Template
A Template Policy that contains the predefined Access rules necessary
for the Layer 2 Firewall to communicate with the SMC and some external
components.
The Layer 2 Firewall Template uses Inspection rules from the No
Inspection Policy. The rules in the No Inspection Policy do not enforce
inspection.
Layer 2
Firewall
Inspection
Template
A Template Policy that is based on the Layer 2 Firewall Template. It uses
Inspection rules from the High-Security Inspection Policy.
The Layer 2 Firewall Inspection Template enables deep inspection for all
traffic.