Installation guide

Installing the Initial Policy
The default policy elements are introduced when you import and activate a recent dynamic
update package (for example, during the installation). The elements may change when you
install newer update packages. None of the default policy elements can be modified. However,
you can make copies of the default policies if you need to create a modified version. See the
McAfee NGFW Reference Guide for IPS and Layer 2 Firewall Roles for more information on the
predefined policies and templates.

Table 10.1 Default Policy Elements for IPS and Layer 2 Firewall Engines (Continued)

Columns: Element Type, Default Element Name, Description

Element Type: Inspection Policy

Default Element Name: No Inspection Policy
Description: An Inspection Policy with a set of Inspection rules that do not enforce
inspection.

Default Element Name: Medium-Security Inspection Policy
Description: An Inspection Policy with a set of Inspection rules for detecting common
threats. The Medium-Security Inspection Policy logs Situations
categorized as Suspected Attacks but allows the traffic to pass.
The Medium-Security Inspection Policy is suitable for Firewall and Layer 2
Firewall deployments. It is also suitable for inline IPS deployments in
asymmetrically-routed networks and IPS deployments in IDS mode. The
risk of false positives is low in production use.

Default Element Name: High-Security Inspection Policy
Description: An Inspection Policy with a set of Inspection rules for detecting common
threats. The High-Security Inspection Policy terminates Suspected
Attacks with an alert.
The High-Security Inspection Policy is suitable for Firewall, Layer 2
Firewall, and inline IPS deployments in which extended inspection
coverage and strong evasion protection are required. The risk of false
positives is moderate in production use.
The High-Security Inspection Policy terminates a connection if the engine
cannot see the whole connection. It is recommended that you use the
High-Security Inspection Policy as a starting point for your Inspection
Policies.

Default Element Name: Customized High-Security Inspection Policy
Description: An Inspection Policy that is based on the High-Security Inspection Policy
and contains a set of customized Inspection rules.
The High-Security Inspection Policy is an example of a highly customized
Inspection Policy for network environments in which unconditional
inspection coverage and evasion protection are required. The risk of
false positives is high in production use.
The High-Security Inspection Policy was used when the IPS was tested at
ICSA Labs and NSS Labs. It provides an example of a customized
Inspection Policy.