Firewall Settings

Configuring Firewall Settings and Rules

The Firewall can be enabled/disabled and configured in a Windows Policy. To enable Firewall settings, you must first enable Anti-Virus in a Windows Policy.

See Anti-Virus Settings for a guide on how to create a Windows Policy and enable the Anti-Virus protection.

Firewall Protection Settings

Options and their descriptions:

Enable Firewall Protection: Firewall protection prevents hackers or malicious software from gaining access to your computer.

Allow user to disable firewall: Checking this box disables the firewall.

Enable firewall logging: Checking this box enables logs to be generated and stored by the firewall.

1. Select Anti-Virus from the left menu.

2. Click Firewall Protection.

3. Under Firewall Protection Settings, enable/disable the Firewall Protection.

4. If the Firewall Protection is enabled, decide if you want to Allow user to disable Firewall by selecting the box (default setting is enabled).

5. If the Firewall Protection is enabled, decide if you want to Enable/Disable Firewall Logging by selecting the box (default setting is disabled).

If this is the only setting you are configuring, click SAVE; otherwise, proceed to the next settings.

Configuring Program Rules

Next, you will need to define the Program Rules.

Program Rules define the action taken by the firewall on the network activity to and from the application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted.

6. Expand the Program Rules; this will present a list of default Firewall Rules. You can edit these rules, but they cannot be deleted.

7. To edit a rule, select the Allow/Block field that you wish to update, then select either Allow or Block from the drop-down list that appears.

8. To add a new Firewall Rule, click the + button on the top right. The Add a Rule screen will now appear.

9. Enter a Name for your new Firewall Rule.

10. Enter the Program name to be added to the Firewall Rule, including its full path.

11. Select Allow or Block for Trusted Zone Inbound.

12. Select Allow or Block for Trusted Zone Outbound.

13. Select Allow or Block for UnTrusted Zone Inbound.

14. Select Allow or Block for UnTrusted Zone Outbound.

15. Click OK; this will return you to the previous screen.

If this is the only setting you are configuring, click SAVE; otherwise, proceed to the next settings.

Configuring Network Rules

Network Rules define the action taken by the Firewall on the network activity. All Network Rules are pre-configured; they can be edited but cannot be deleted.

16. Click Network Rules to expand the view.

17. Select a Trusted or UnTrusted Zone to edit, then select either Allow or Block from the drop-down list.

If this is the only setting you are configuring, click SAVE; otherwise, proceed to the next settings.

Configuring Advanced Rules

Advanced Rules are processed in the order in which they are listed. Pre-defined Advanced Rules are generated for you, and any user-defined advanced rules will take precedence over the Pre-defined Advanced Rules.

18. Click Advanced Rules to expand the view.

19. To add a new Advanced Rule, click the + button on the top right. The Add an Advanced Rule screen will now appear.

20. Enter a Name for your new rule (UDP Block Outgoing in this example).

21. Either enter a Program name or leave it blank to apply the rule to all Programs.

22. Select an Action, Allow or Block from the drop-down list (Block in this example).

23. Select a direction In, Out, or Both (Out in this example).

24. Select the Protocol Type and click ADD; you can add multiple protocol types.

25. Select a Local Port, either All Ports or Specified Ports.

26. If Specified Ports was selected above, then enter the port(s) here.

27. Select a Remote Port, either All Ports or Specified Ports.

28. If Specified Ports was selected above, then enter the port(s) here.

29. Click OK; this will return you to the previous screen.

If this is the only setting you are configuring, click SAVE; otherwise, proceed to the next settings.
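The ordering described above can be checked on paper before a policy is saved. The following is an added example, not code from the product: it assumes first-match evaluation, models "All Ports" as None, and uses a constructed pre-defined rule next to the page's UDP Block Outgoing rule.

```python
from dataclasses import dataclass

@dataclass
class AdvancedRule:
    name: str
    action: str                    # "Allow" or "Block"
    direction: str                 # "In", "Out" or "Both"
    protocols: frozenset           # several protocol types may be added
    program: str = ""              # blank applies the rule to all programs
    local_ports: frozenset = None  # None stands for "All Ports"
    remote_ports: frozenset = None
    user_defined: bool = True

    def matches(self, program, direction, protocol, local_port, remote_port):
        return ((not self.program or self.program.lower() == program.lower())
                and self.direction in ("Both", direction)
                and protocol in self.protocols
                and (self.local_ports is None or local_port in self.local_ports)
                and (self.remote_ports is None or remote_port in self.remote_ports))

def effective_order(rules):
    # User-defined rules go ahead of pre-defined ones; sorted() is stable,
    # so the listed order is kept inside each group.
    return sorted(rules, key=lambda r: not r.user_defined)

def decide(rules, **conn):
    """Return (action, rule name) of the first matching rule (assumed
    first-match semantics), or (None, None) when no Advanced Rule applies."""
    for rule in effective_order(rules):
        if rule.matches(**conn):
            return rule.action, rule.name
    return None, None

# Constructed sample policy: one pre-defined rule plus the page's example rule.
RULES = [
    AdvancedRule("Allow DNS (pre-defined, constructed)", "Allow", "Out",
                 frozenset({"UDP", "TCP"}), remote_ports=frozenset({53}),
                 user_defined=False),
    AdvancedRule("UDP Block Outgoing", "Block", "Out", frozenset({"UDP"})),
]

def demo():
    # Same outbound connection to port 53 over three protocols.
    base = dict(program=r"C:\Windows\System32\svchost.exe", direction="Out",
                local_port=50000, remote_port=53)
    return (decide(RULES, protocol="UDP", **base),
            decide(RULES, protocol="TCP", **base),
            decide(RULES, protocol="ICMP", **base))
```

With these rules the user-defined block wins for outbound UDP even to port 53, so a blanket rule such as UDP Block Outgoing also stops DNS over UDP unless a more specific user-defined allow rule is listed ahead of it.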

Configuring Trusted Zones

Trusted Zones specify computers, networks, and safe IP addresses. The Trusted Zone and the Internet (Non-Trusted) zone can be treated differently by Application and Network Rules.

30. Click Advanced Rules to expand the view.

31. To add a new Trusted Zone, click the + button on the top right. The Add Trusted Zone screen will now appear.

A Trusted Zone can be either a home or work Network or a Specific Computer.

32. Enter a Name for the new Trusted Zone (Seattle Network in this example).

33. Enter a Description for the new Trusted Zone.

34. Select the Address Type, either Network or IP Address (Network in this example).

If you select IP Address, a Mask is not needed.

35. Enter the IP Address for the Network.

36. Enter the Mask for the Network (if you selected IP Address in step 34, the Mask option is not shown).

37. Click OK.

The new Policy's Firewall Settings have been configured. If this is the only or final setting you are configuring, click SAVE; otherwise, proceed to the next settings (Computer Settings).

Once saved, to make any changes to this configuration, navigate to the Policies tab, then locate the Policy by name in the grid, select it and click the EDIT POLICY button on the top menu bar.
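To see how a Trusted Zone entry changes what a Program Rule does, the following added example (not code from the product) classifies a remote address against the zone list and then picks the matching Trusted/UnTrusted Inbound/Outbound action. The addresses, the second zone, the program path and the review threshold are constructed assumptions; the page names the Seattle Network zone but gives no address for it.

```python
import ipaddress

# Constructed sample values for the two Address Types on the Add Trusted Zone screen.
TRUSTED_ZONES = [
    {"name": "Seattle Network", "type": "Network",
     "address": "10.20.0.0", "mask": "255.255.0.0"},
    {"name": "Build server (constructed)", "type": "IP Address",
     "address": "192.0.2.15"},
]

def zone_network(zone):
    """Turn a Trusted Zone entry into an ipaddress network object."""
    if zone["type"] == "Network":
        # strict=False tolerates host bits left set in the address field
        return ipaddress.ip_network(f'{zone["address"]}/{zone["mask"]}', strict=False)
    return ipaddress.ip_network(zone["address"])  # single host, no mask needed

def classify(remote_ip, zones=TRUSTED_ZONES):
    """Return ("Trusted", zone name) or ("UnTrusted", None) for a remote address."""
    addr = ipaddress.ip_address(remote_ip)
    for zone in zones:
        if addr in zone_network(zone):
            return "Trusted", zone["name"]
    return "UnTrusted", None

# Hypothetical Program Rule holding the four choices from the Add a Rule screen.
PROGRAM_RULE = {
    "name": "Backup agent (constructed)",
    "program": r"C:\Program Files\Example\agent.exe",
    "actions": {("Trusted", "Inbound"): "Allow", ("Trusted", "Outbound"): "Allow",
                ("UnTrusted", "Inbound"): "Block", ("UnTrusted", "Outbound"): "Allow"},
}

def program_action(rule, remote_ip, direction, zones=TRUSTED_ZONES):
    zone, _ = classify(remote_ip, zones)
    return rule["actions"][(zone, direction)]

def overly_broad(zones, min_prefix=16):
    """Names of zones whose mask trusts more than a /min_prefix network.
    The /16 threshold is an arbitrary review value, not a product setting."""
    return [z["name"] for z in zones if zone_network(z).prefixlen < min_prefix]
```

Every address inside a zone inherits the Trusted Zone actions of every Program Rule, so a mistyped mask widens the Allow decisions for all programs at once; running a check like overly_broad over the zone list before saving catches that.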
