New: September 11, 2020

Create a firewall rule

Use the Firewall module to create firewall rules to control inbound and outbound traffic on networks and between devices.

Do not enable the Firewall module or create firewall rules if the device is using the Windows built-in firewall, or if the device stays behind a hardware-based firewall.

The Firewall module is only available when adding or editing a laptop or workstation security profile.

  1. Click Configuration Security ManagerProfiles.
  2. Click Add, or click on an existing profile to edit.
  3. Click View Settings beside the Firewall module.
  4. Click the check box for Enable Firewall if not already enabled.
  5. Click the Rules tab.
  6. Click Add and select to create either an Application Rule or a Connection Rule.
  7. In the Name field, enter a name for the firewall policy.
  8. Configure the following options:
    9. Application Path Configure with an Application Rule. This specifies the exact path to the executable the rule applies to. You can include environment variables are, however wildcards are not supported. Add common environment variables by selecting them from the Specific paths drop-down menu.
    Command Line Configure with an Application Rule. Allows rules to be defined for applications that apply only when run the program is run with specific command line arguments. This is an optional field.
    Application MD5 Configure with an Application Rule. Allows rules to be defined for applications that apply only when run the program matches a specified MD5 checksum. This is an optional field.
    Local Address

    Specifies the local IP address and port that the firewall rule applies to. Select the Any checkbox to specify a rule that applies to any local IP address or port.

    If you have more than one network adapter, clear the Any check box and enter a specific IP or IP/Mask address. To filter connections on a specific port or range of ports, clear the Any check box and enter the appropriate Port or port range
    Remote Address

    Specifies the remote IP address and port that the firewall rule applies to. Select the Any checkbox to specify a rule that applies to any remote IP address or port.

    If you have more than one network adapter, clear the Any check box and enter a specific IP or IP/Mask address. To filter connections on a specific port or range of ports, clear the Any check box and enter the appropriate Port or port range.
    Apply rule only for directly connected computers Click to configure the rule to only apply to connections that match a specific remote MAC address.
    Protocol Select the specific communication protocol to be applied in the rule.
    Direction Select whether the rule applies to inbound, outbound, or all traffic.
    IP Version Select the type of connection the rule applied to.
  9. In the Permission area, select the networks and choose whether the firewall policy is an allow or deny rule.
  10. Click Save.

The new firewall rule appears in the Rules list and is enabled by default.