# Firewall Settings ## Configuring Firewall Settings and Rules The Firewall can be enabled/disabled and configured in a Windows Policy. To enable Firewall settings, you must first enable Anti-Virus in a Windows Policy. {% hint style="info" %} See [Anti-Virus Settings](https://docs.faronics.com/faronicsdeploy/anti-virus/faronics-anti-virus-and-firewall-protection/anti-virus) for a guide on how to create a Windows Policy and enable the Anti-Virus protection. {% endhint %} #### Firewall Protection Settings | Firewall Protection Settings | Options | Description | | ------------------------------ | ----------------------------------- | ------------------------------------------------------------------------------------------------ | | **Enable Firewall Protection** | | Firewall protection prevents hackers or malicious software from gaining access to your computer. | | | **Allow user to disable firewall.** | Checking this box disables the firewall. | | | **Enable firewall logging.** | Checking this box enables logs to be generated and stored by the firewall. | ![Firewall Settings](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYLIMIrgIR0iPXhjUUF%2F-MYLKMDVBCyQAlxOSpIc%2Fimage.png?alt=media\&token=51efcf3c-585c-4da2-b454-065a23efe193) #### 1\. Select **Anti-Virus** from the left menu. 2\. Click **Firewall Protection**. 3\. Under **Firewall Protection Settings**, enable/disable the **Firewall Protection**. 4\. If the Firewall Protection is enabled, decide if you want to **Allow user to disable Firewall** by selecting the box (default setting is enabled). 5\. If the Firewall Protection is enabled, decide if you want to Enable/Disable **Firewall Logging** by selecting the box (default setting is disabled). {% hint style="warning" %} If this is the only setting you are configuring, click **SAVE**; otherwise, proceed to the next settings. {% endhint %} ### Configuring Program Rules Next, you will need to define the Program Rules. Program Rules define the action taken by the firewall on the network activity to and from the application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted. ![Configure Program Rules for the Firewall](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYLy31SgsrCYogZaiL9%2F-MYM02_W6Oy2xTCEcz6d%2Fimage.png?alt=media\&token=3a38b633-2fd7-4e81-b47b-126f7210221b) 6\. Expand the **Program Rules**; this will present a list of default Firewall Rules. You can edit these rules, but they cannot be deleted. 7\. To edit a rule, select the **Allow/Block** field that you wish to update, then select either Allow or Block from the drop-down list that appears. 8\. To add a **new Firewall Rule**, click the **+** button on the top right. The Add a Rule screen will now appear. ![Add a Rule](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYMPsCXffDE7YdilTvL%2F-MYMQWFJ5EQ8BOTdrw5J%2Fimage.png?alt=media\&token=5bb8749c-c766-44a2-a2d2-b2371620013a) 9\. Enter a **Name** for your new Firewall Rule. 10\. Enter the **Program** name to be added to the Firewall Rule, including its full path. 11\. Select **Allow** or **Block** for **Trusted Zone Inbound**. 12\. Select **Allow** or **Block** for **Trusted Zone Outbound**. 13\. Select **Allow** or **Block** for **UnTrusted Zone Inbound**. 14\. Select **Allow** or **Block** for **UnTrusted Zone Outbound**. 15\. Click **OK**; this will return you to the previous screen. {% hint style="warning" %} If this is the only setting you are configuring, click **SAVE**; otherwise, proceed to the next settings. {% endhint %} ### Configuring Network Rules Network Rules define the action taken by the Firewall on the network activity. All Network Rules are pre-configured; they can be edited but cannot be deleted. ![Configure Network Rules](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYM40GhHBi6TvGhjA2O%2F-MYM5yeHUNUveH1z4aKp%2Fimage.png?alt=media\&token=4dea210b-a79e-443a-acdb-08b05652ffc6) 16\. Click **Network Rules** to expand the view. 17\. Select a Trusted or UnTrusted Zone to edit, then select either **Allow** or **Block** from the drop-down list. {% hint style="warning" %} If this is the only setting you are configuring, click **SAVE**; otherwise, proceed to the next settings. {% endhint %} ### ### Configuring Advanced Rules Advanced Rules are processed in the order in which they are listed. Pre-defined Advanced Rules are generated for you, and any user-defined advanced rules will take precedence over the Pre-defined Advanced Rules. ![Configuring Advanced Rules](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYM9BgVoO9qP_r2B6PN%2F-MYMD3-AFibz0mh1W1xF%2Fimage.png?alt=media\&token=9beb8209-c1f4-430f-b268-0140b7d0b38b) 18\. Click **Advanced Rules** to expand the view. 19\. To add a **new Advanced Rule**, click the **+** button on the top right. The **Add an Advanced Rule** screen will now appear. ![Adding Advanced Rules](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYM9BgVoO9qP_r2B6PN%2F-MYML8jYpcZz6PLsXZzx%2Fimage.png?alt=media\&token=8a9ac07b-612f-4c2c-9460-7b9145febf64) 20\. Enter a **Name** for your new rule (UDP Block Outgoing in this example). 21\. Either enter a **Program** name or leave it blank to apply the rule to all Programs. 22\. Select an Action, **Allow** or **Block** from the drop-down list (Block in this example). 23\. Select a direction **In**, **Out**, or **Both** (Out in this example). 24\. Select the **Protocol Type** and click **ADD**; you can add multiple protocol types. 25\. Select a **Local Port**, either **All Ports** or **Specified Ports**. 26\. If **Specified Ports** was selected above, then enter the port(s) here. 27\. Select a **Remote Port**, either **All** **Ports** or **Specified** **Ports**. 28\. If **Specified Ports** was selected above, then enter the port(s) here. 29\. Click **OK**; this will return you to the previous screen. {% hint style="warning" %} If this is the only setting you are configuring, click **SAVE**; otherwise, proceed to the next settings. {% endhint %} ### ### Configuring Trusted Zones Trusted Zones specify computers, networks, and safe IP addresses. Trusted Zone and Internet (Non-Trusted) can be treated differently by Application and Network Rules. ![](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYMMoynnbCXNUt56V7L%2F-MYMO6pXlx7fhHDiJqc9%2Fimage.png?alt=media\&token=71b58f54-bcac-48e7-afd9-fae1193660af) 30\. Click **Advanced Rules** to expand the view. 31\. To add a new **Trusted Zone**, click the **+** button on the top right. The **Add Trusted Zone** screen will now appear. ![Add a Trusted Zone](https://3007061244-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRkQfx_2cLnNNBX1muO%2F-MYMMoynnbCXNUt56V7L%2F-MYMO1MluYCH_nunUdMi%2Fimage.png?alt=media\&token=c0fd8134-7767-4d83-b98f-42c2fb82d751) {% hint style="info" %} A **Trusted Zone** can be **either** a home or work **Network** or a **Specific** **Computer**. {% endhint %} 32\. Enter a **Name** for the new Trusted Zone (Seattle Network in this example). 33\. Enter a **Description** for the new Trusted Zone. 34\. Select the **Address Type**, either **Network** or **IP** **Address** (Network in this example). {% hint style="info" %} If you select **IP Address** a **Mask** is not needed. {% endhint %} 35\. Enter the **IP Address** for the Network. 36\. Enter the **Mask** for the Network (If you selected IP Address in step 34, you would not see the Mask option). 37\. Click **OK**. {% hint style="warning" %} The new Policy's Firewall Settings have been configured. If this is the only or final setting you are configuring, click **SAVE**; otherwise, proceed to the next settings ([Computer Settings](https://docs.faronics.com/faronicsdeploy/anti-virus/faronics-anti-virus-and-firewall-protection/computer-settings)). Once saved, to make any changes to this configuration, navigate to the **Policies** tab, then locate the Policy by name in the grid, select it and click the **EDIT POLICY** button on the top menu bar. {% endhint %}