Release Notes

McAfee Firewall for Linux 8.0.0

Contents About this release Features Installation Known issues Find product documentation

About this releaseThis document contains important information about the current release. We strongly recommend thatyou read the entire document.

We do not support the automatic upgrade of a pre-release software version. To upgrade to a productionrelease of the software, you must first uninstall the existing version.

FeaturesThis release of the product includes these new features.

Stateful firewall

Keeps track of the network connections. A stateful firewall includes a state table that dynamicallystores information about active connections created by allow rules.

Regular mode

Regular mode allows and blocks traffic strictly according to the defined policy.

1

Adaptive mode

When the network packet matches a rule’s conditions, the associated action defined in the rule isexecuted. If no matching rule is found, the network packet is allowed, and a rule is created to allowsimilar packets later.

Trusted networks

Define networks that can include subnets, ranges, or a single IP address that can be used whilecreating firewall rules.

FTP inspection

Creates dynamic rules for FTP data connections automatically, by actively monitoring the FTPcommands on the control channel.

Common manageability for Linux, Windows, and Mac

McAfee ePO-based policies can be enforced on Windows, Linux, and Mac systems.

FQDN support

Supports FQDN-based rule creation.

CLI support

Supports Command Line Interface for managing the firewall.

Dev Ops tools support

Supports silent installation and command-line configuration that can be used for automation throughscripts and Dev Ops tools.

Firewall groups

Organize firewall rules of similar criteria under rule groups, and provide better rule managementcapabilities.

Time-based firewall

Configure firewall rules that are enforced only for a specific time period during the week.

Supported protocols

TCP, UDP, and ICMP.

Product management

Complete management of the product through McAfee ePO including deployment and policyenforcement.

Standalone mode

Ensures that the software can be managed without McAfee ePO.

Rule retention

Retain firewall rules configured through CLI, even if the host is managed by McAfee ePO.

2

InstallationFor information about installing Firewall for Linux, see McAfee Firewall for Linux Product Guide .

System requirementsMake sure that your system meets these requirements, and that you have administrator rights.

Component Requirement

Operating system • Red Hat 6, 7 • Amazon Linux 2014.x

• SUSE 11, 12 • CentOS 6, 7

• Ubuntu 12.04, 14.04,14.10

• Oracle Linux - Red Hat,UEK 6, 7

Hardware • Processor - 64-bit

• RAM - 2GB (minimum), 4GB (recommended)

• Hard disk space - 100MB (minimum)

McAfee® Firewall for Linux 8.0.0

McAfee® Host IntrusionPrevention extension

8.0 patch 5

McAfee® Agent 4.8 patch 2 and later

McAfee ePO 4.6.8, 5.1.1

Installation from the CLI (Unmanaged mode)This procedure involves installing McAfee Runtime and McAfee Agent for RPM-based Linux systems andUbuntu systems.

The McAfee Agent and the McAfee Runtime package are available inside the McAfeeAgent folder whenyou extract the McAfeeFirewall.zip package.

You can use the command line to install Firewall for Linux with user intervention (prompt mode) orwithout (silent mode).

Download the software packageDownload the Firewall for Linux software package to a Linux-based standalone system.

Task1 Download McAfeeFirewall.zip to a temporary directory.

2 Extract the .zip file.

\unzip McAfee Firewall.zip

3 Extract the MFW-8.0.0-XXX-Release-standalone.tar.gz file.

tar -zxvf MFW-8.0.0-XXX-Release-standalone.tar.gz

3

Install McAfee Runtime and McAfee Agent on an RPM-based systemInstall McAfee Runtime and the McAfee Agent on an RPM-based system.

Task1 Change directory.

cd McAfeeAgent

2 Install McAfee Runtime.

rpm -ivh MFErt.i686.rpm

3 Install McAfee Agent.

rpm -ivh MFEcma.i686.rpm

4 View the status of the McAfee Agent.

/etc/init.d/cma status

Install McAfee Runtime and McAfee Agent on an Ubuntu systemInstall McAfee Runtime and the McAfee Agent on an Ubuntu system.

Task1 Change directory.

cd McAfeeAgent

2 Install McAfee Runtime.

sudo dpkg -i MFErt.i686.deb

3 Install McAfee Agent.

sudo dpkg -i MFEcma.i686.deb

4 View the status of the McAfee Agent.

/etc/init.d/cma status

Install Firewall for Linux in silent modeSilent mode installation is a non-interactive process, where the End-User License Agreement is notdisplayed and the firewall is enabled automatically.

Task1 Change directory.

cd ..

2 Install the software.

./install-mfw.sh silent

The software is installed in silent mode.

4

Install Firewall for Linux in prompt modePrompt mode installation is an interactive process, where you accept the End-User License Agreementand enable the firewall.

Task1 Change directory.

cd ..

2 Install the software.

./install-mfw.sh prompt

3 When the End-User License Agreement appears, type accept, and press Enter.

4 When prompted to enable the firewall, enter y or Y, or skip this step by pressing any other key.

When you run the install command ./install-mfw.sh, by default the installation happens inprompt mode.

When the installation is complete, the software starts protecting your Linux system immediately. Anyexisting network connections that are running on your system are disconnected. You must re-establishthose connections.

Uninstall the software from a standalone systemYou can uninstall Firewall for Linux from a standalone Linux system using a command-based script.

Task1 Open the terminal window.

2 Type the following command, then press Enter.

/opt/McAfee/mfw/bin/uninstallmfw.sh

3 Confirm the uninstall activity.

The software is removed from a standalone system.

Known issuesFor a list of known issues in this product release, see this McAfee KnowledgeBase article: KB83745.

5

Find product documentationAfter a product is released, information about the product is entered into the McAfee online KnowledgeCenter.

Task1 Go to the Knowledge Center tab of the McAfee ServicePortal at http://support.mcafee.com.

2 In the Knowledge Base pane, click a content source:

• Product Documentation to find user documentation

• Technical Articles to find KnowledgeBase articles

3 Select Do not clear my filters.

4 Enter a product, select a version, then click Search to display a list of documents.

Copyright © 2015 McAfee, Inc. www.intelsecurity.com

Intel and the Intel logo are trademarks/registered trademarks of Intel Corporation. McAfee and the McAfee logo are trademarks/registered trademarks of McAfee, Inc. Other names and brands may be claimed as the property of others.

0-00