FAQs for McAfee Firewall for Linux 8.0.0
Technical Articles ID:   KB84755
Last Modified:  11/28/2016

Environment

McAfee Firewall for Linux 8.0

Summary

This article is a consolidated list of common questions and answers. It is mainly intended for users who are new to the product, but can be of use to all users.

NOTE: This article deals with general questions regarding McAfee Firewall for Linux 8.0.
 
Contents

General: Supported operating systems and information covering other miscellaneous topics.

General

Which environments does Firewall for Linux 8.0 support?
For details on supported environments, see article KB83745.

Is Firewall for Linux 8.0 the same product as Host IPS 8.0 for Linux or Host IPS 8.0 for Windows?
Both products are managed by the same Host IPS 8.0 ePolicy Orchestrator (ePO) extension, but they are separate products installed on managed systems. Host IPS 8.0 for Linux has the product ID HOSTIPS_8000 and Firewall for Linux 8.0 has the product ID MLFWALL_8000. Host IPS 8.0 for Linux provides IPS protection; Firewall for Linux 8.0 provides firewall protection. Policy enforcement does not overlap, the properties reported for each product are separate, and Host IPS 8.0 for Linux does not affect Firewall for Linux 8.0.

What happens if someone with root access changes the ePO enforced policy?
A root user can change the rules with iptables. However, the firewall detects the change and re-enforces the ePO policy at the next policy enforcement, reverting the local changes, so such changes do not persist.

What happens if the domain changes the IP address when using Fully Qualified Domain Names (FQDNs)?
DNS resolution is performed when the policy is enforced, not at run time (when traffic hits the rule). If the IP address has changed, it is picked up by a new policy enforcement. Restarting the firewall service, or disabling and re-enabling the firewall, triggers an enforcement and causes iptables to pick up the new IP address for the FQDN.
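The following is an added example, not McAfee's code. It models the behaviour described above: an FQDN rule is resolved once, when the policy is enforced, and the resulting addresses are written into iptables; if the DNS record changes later, the loaded rules still carry the old addresses until the policy is enforced again. The `stale_rules` check is a hypothetical administrator-side test for deciding whether a re-enforcement (service restart, or disable/enable) is due. The host names, addresses, lookup tables and rule set are constructed for the demonstration; `system_dns` is the resolver you would use on a real host and is not called in the demo.

```python
"""Why an FQDN firewall rule goes stale: resolution happens at enforcement time.

Added example; not part of the McAfee product. Names, addresses and the
lookup tables are constructed for illustration.
"""
from __future__ import annotations

import socket
from dataclasses import dataclass
from typing import Callable

Resolver = Callable[[str], tuple[str, ...]]


@dataclass(frozen=True)
class FqdnRule:
    """A policy rule as an administrator writes it: by name, not by address."""
    fqdn: str
    port: int
    proto: str = "tcp"
    chain: str = "OUTPUT"


@dataclass(frozen=True)
class RenderedRule:
    """The same rule as loaded into iptables: addresses baked in at enforcement."""
    rule: FqdnRule
    addresses: tuple[str, ...]

    def iptables_lines(self) -> list[str]:
        return [
            f"-A {self.rule.chain} -d {ip} -p {self.rule.proto} "
            f"--dport {self.rule.port} -j ACCEPT"
            for ip in self.addresses
        ]


def system_dns(fqdn: str) -> tuple[str, ...]:
    """Real resolver: the host's own DNS configuration (no separate servers)."""
    return tuple(sorted(socket.gethostbyname_ex(fqdn)[2]))


def table_resolver(table: dict[str, tuple[str, ...]]) -> Resolver:
    """Offline resolver backed by a constructed lookup table (demo only)."""
    return lambda fqdn: tuple(sorted(table[fqdn]))


def render_rule(rule: FqdnRule, resolve: Resolver = system_dns) -> RenderedRule:
    """Enforcement time: resolve the name once and freeze the result in the rule."""
    return RenderedRule(rule, resolve(rule.fqdn))


def enforce(rules: list[FqdnRule], resolve: Resolver = system_dns) -> list[RenderedRule]:
    return [render_rule(r, resolve) for r in rules]


def stale_rules(rendered: list[RenderedRule], resolve: Resolver = system_dns):
    """Rules whose FQDN no longer resolves to the addresses frozen at enforcement.

    Returns [(rule, enforced_addresses, current_addresses), ...]. A non-empty
    result means traffic to the name's new address is no longer matched by the
    loaded rule and a re-enforcement is needed.
    """
    stale = []
    for r in rendered:
        now = resolve(r.rule.fqdn)
        if now != tuple(sorted(r.addresses)):
            stale.append((r.rule, r.addresses, now))
    return stale


# Constructed DNS data (TEST-NET addresses): the record for update.example.com
# moves between the time the policy was enforced and "now".
DNS_AT_ENFORCEMENT = {
    "update.example.com": ("192.0.2.10",),
    "ntp.example.com": ("198.51.100.5",),
}
DNS_NOW = {
    "update.example.com": ("192.0.2.20",),
    "ntp.example.com": ("198.51.100.5",),
}
RULES = [FqdnRule("update.example.com", 443), FqdnRule("ntp.example.com", 123, proto="udp")]


if __name__ == "__main__":
    loaded = enforce(RULES, table_resolver(DNS_AT_ENFORCEMENT))
    for r in loaded:
        print("\n".join(r.iptables_lines()))
    for rule, was, now in stale_rules(loaded, table_resolver(DNS_NOW)):
        print(f"STALE {rule.fqdn}: loaded {was}, resolves now to {now}; re-enforce policy")
```

The check compares sorted address tuples, so a name that resolves to the same set of addresses in a different order is not reported as stale; only a genuine change in the record is.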

Are there any plans to support Stream Control Transmission Protocol (SCTP)?
SCTP rules are already supported: you can add a rule for SCTP using either ePO or the Command Line Interface (CLI).

Does Firewall for Linux 8.0 use a local DNS server?
Name resolution uses the DNS configuration of the system itself. No separate DNS servers are specified in the firewall configuration.

If I configure IPTables locally from the Linux CLI, will the configurations be seen from the ePO console?
If you add rules from the CLI and the "Retain client-side rules" option is enabled in the applied ePO policy, the rules are reported to ePO during property collection. Such a rule can be viewed only in Host IPS 8.0 Reports, as a client-side rule; from the reports page it can be selected and added to an existing ePO policy.

What happens if I use iptables to configure something that is not supported by the existing ePO policy?
The configuration is reverted at the next firewall policy enforcement.
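The two answers above (a root user changing rules with iptables, and local configuration that the policy does not cover) both come down to the same mechanism: the firewall compares what is loaded against what the ePO policy defines and reverts the difference. The block below is an added example, not McAfee's code, of how such a drift check can be done from `iptables-save` output. It normalises two dumps, the ruleset rendered from the enforced policy and the ruleset currently loaded, by dropping the timestamped comment lines and the `[packets:bytes]` counters that would otherwise differ on every run, and then reports added, removed and reordered rules per table. The two dumps embedded in the block are constructed; on a real host you would feed it the output of `iptables-save -c` as the current ruleset.

```python
"""Detect local drift from an enforced iptables ruleset.

Added example, not part of the McAfee product. The two iptables-save dumps
below are constructed: ENFORCED is the ruleset the policy defines; CURRENT is
what a root user left behind after opening TCP 8080 and setting the INPUT
policy to ACCEPT.
"""
from __future__ import annotations

import re

# "[packets:bytes] -A ..." prefix written by `iptables-save -c`
RULE_COUNTER_RE = re.compile(r"^\[\d+:\d+\]\s*")
# ":CHAIN POLICY [packets:bytes]" suffix on chain header lines
CHAIN_COUNTER_RE = re.compile(r"\s*\[\d+:\d+\]$")

ENFORCED = """\
# Generated by iptables-save v1.4.21 on Mon Nov 28 10:00:00 2016
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [12:960]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
COMMIT
# Completed on Mon Nov 28 10:00:00 2016
"""

CURRENT = """\
# Generated by iptables-save v1.4.21 on Mon Nov 28 10:05:00 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [40:3200]
[100:8000] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[3:180] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
[5:300] -A INPUT -p tcp -m tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
COMMIT
# Completed on Mon Nov 28 10:05:00 2016
"""


def normalize(dump: str) -> dict[str, list[str]]:
    """Return {table: [line, ...]} from iptables-save text.

    Comment lines (which carry timestamps) are dropped and packet/byte
    counters are stripped from both rule lines and chain headers, so that
    only the rules and chain default policies remain. Order is preserved
    because iptables evaluates rules in order.
    """
    tables: dict[str, list[str]] = {}
    table = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            table = line[1:]
            tables.setdefault(table, [])
            continue
        if line == "COMMIT":
            table = None
            continue
        if table is None:
            raise ValueError(f"rule outside a table block: {line!r}")
        line = RULE_COUNTER_RE.sub("", line)
        line = CHAIN_COUNTER_RE.sub("", line)
        tables[table].append(line)
    return tables


def drift(enforced: str, current: str) -> dict[str, dict]:
    """Per-table differences between the enforced and the loaded ruleset.

    Returns {} when nothing but counters and timestamps differ. Otherwise each
    differing table maps to {"added": [...], "removed": [...], "reordered": bool};
    "reordered" is True when the same rules are present in a different order.
    """
    want, have = normalize(enforced), normalize(current)
    report: dict[str, dict] = {}
    for table in sorted(set(want) | set(have)):
        w, h = want.get(table, []), have.get(table, [])
        if w == h:
            continue
        ws, hs = set(w), set(h)
        report[table] = {
            "added": [r for r in h if r not in ws],
            "removed": [r for r in w if r not in hs],
            "reordered": ws == hs,
        }
    return report


if __name__ == "__main__":
    for table, diff in drift(ENFORCED, CURRENT).items():
        for r in diff["added"]:
            print(f"[{table}] local addition, will be reverted: {r}")
        for r in diff["removed"]:
            print(f"[{table}] missing from loaded ruleset, will be restored: {r}")
        if diff["reordered"]:
            print(f"[{table}] same rules, different order")
```

Chain header lines such as `:INPUT DROP` are kept in the comparison on purpose: changing a chain's default policy is one of the most common local changes, and it does not show up at all if only `-A` lines are compared. The script only reports; the product itself reverts by re-enforcing the whole ePO policy rather than by undoing individual rules.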

Can you configure rules based on an interface (such as eth0) rather than on an IP address?
No. The current version of the product cannot configure rules based on interfaces. You can create a rule with the Any Local IP Address option, which resolves to the IP addresses of the system hosting the firewall. This can cause issues on systems with multiple NICs where access should be granted only on eth0 or only on eth1, because the rule applies to the addresses of every interface.

Back to Contents
