Host Intrusion Prevention support for non-IP protocols

Technical Articles ID: KB53191
Last Modified: 10/29/2020

Environment

McAfee ePolicy Orchestrator (ePO) 5.x
McAfee Host Intrusion Prevention (Host IPS) 8.0

Summary

The Host IPS client firewall filter driver detects TCP/IP and UDP protocols only. The filter might not recognize some types of non-IP traffic such as Novell IPX/SPX, and it might drop the packets. Also, the Adaptive and Learn modes do not dynamically detect and create firewall rules for non-IP protocols.

In mixed protocol traffic environments, some applications might rely on non-IP or certain application layer protocols to establish communications. In such cases, the firewall administrator must manually create appropriate firewall rules.

The best practice is to manually configure non-IP protocol rules, if Adaptive or Learn Mode fails to automatically create a firewall rule.

Solution

The option to enable Allow traffic for unsupported protocols is available on the Firewall Options configuration page in the Host IPS extension. For more information, see the Release Notes.

Related Information

KB66899 - Enable the Allow Traffic for Unsupported Protocols option to configure the NDIS drivers to pass unsupported protocol traffic instead of blocking it

Affected Products

Configuration
Host Intrusion Prevention 8.0 (EOL)

Languages:

This article is available in the following languages:

English United States
Japanese

Knowledge Center

Host Intrusion Prevention support for non-IP protocols

Environment

Summary

Solution

Related Information

Affected Products

Languages:

Title

Title

Knowledge Center

Host Intrusion Prevention support for non-IP protocols

Environment

Summary

Solution

Related Information

Affected Products

Languages:

Choose your region

Title

Title