Check: ENS-FW-000005
Trellix ENS 10.x STIG: ENS-FW-000005 (in versions v2 r7 through v2 r5)
Title
(CUI) The ENS Firewall rules must allow all outbound TCP traffic. (Cat II impact)
Discussion
(CUI) Outbound connections are imperative for the operation of the McAfee Agent to communicate with the ePO server, Agent Handlers, and repositories. To ensure that connectivity is maintained, all outbound connections must be allowed with an explicit rule.
Check Content
(CUI) NOTE: If McAfee ENS Firewall is being used for host-based Firewall protection, this requirement is applicable and must be met. If the OPORD 16-0080 FRAGO 6 has been released and it is still in the implementation period, this is Not a Finding if configured per the FRAGO steps of implementation. If McAfee Host Intrusion Prevention Firewall is being used for host-based Firewall protection, this check is Not Applicable.
Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Security Firewall” from the Product list. From the Category list, select “Firewall Rules”. Select each configured Firewall Rules policy.
Verify a rule is explicitly configured to allow all outbound TCP traffic.
If a rule is not configured to explicitly allow all outbound TCP traffic, this is a finding.
Fix Text
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Security Firewall" from the Product list. From the Category list, select "Firewall Rules". Select each configured Firewall Rules policy. Configure a rule to explicitly allow all outbound TCP traffic. Click "Save".
Additional Identifiers
Rule ID: SV-230199r772358_rule
Vulnerability ID: V-230199
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
Controls
Number | Title |
---|---|
SI-3(2) | Automatic Updates |