Firewall module
Use the Firewall module to control access to network resources, network services, and to the Internet by specified applications. A database of known, legitimate applications can automatically be granted access to these resources and services. The Firewall module can also protect against port scans, restrict Internet Connection Sharing (ICS), and warn when new nodes join a WiFi connection.
You should not enable this module if the device is using the Windows built-in firewall, or if the device stays behind a hardware-based firewall.
The Firewall module is only available when adding or editing a laptop/workstation security profile.
- Click Configuration > Security Manager > Profiles.
- Click Add, or click on an existing profile to edit.
- Click View Settings beside the Firewall module.
- Click the check box for Enable Firewall.
- In the Component Configuration area, select the Firewall features to enable.
Block port scans - the firewall blocks all port scan attempts
Allow Internet Connection Sharing (ICS) - allow users to use Windows Internet Connection Sharing
Monitor Wi-Fi connections - protect wireless interfaces as well wired interfaces
Integrate with AVC - integrates the Firewall module's rules with the Active Virus Control of the Behavioral Analysis module.
Log verbosity level - sets the logging detail level.
- Click the Settings tab and configure how trust levels are applied to network connections. Trust levels have the following properties:
- Trusted Network - disable the firewall for the network.
- Home/Office - allow traffic between computers in the local network.
- Public - filter all traffic.
- Untrusted - blaock network and internet traffic.
In the Set trust level by dropdown menu, select how the network trust level is classified.
When setting trust level by adapter, double click the network trust level or stealth mode for each adapter type to change the settings.
Stealth mode determines if the endpoint responds to ping requests; the remote setting allows responses to local network ping requests, but not ping requests from outside the local network.
- Click the Rules tab and configure the application network access and data traffic rules enforced by the Firewall module.
- Create aggressive rules - the firewall creates rules for each process that launches the application and requesting network or Internet access.
- Monitor process changes - the firewall checks every application connecting to the Internet to ensure it has not changed since adding a rule for the application. If a change has occurred, the AV Defender create a new rule based on the security level.
- Ignore signed processes - allow signed applications that have changed access to the Internet.
- Click Add and select the type of rule to create.
- Click Save.
In the Rule Policy drop-down menu, select the option to control the behavior of the firewall:
Ruleset and allow | Apply firewall rules and automatically allow all other connection attempts. |
Ruleset and ask | Apply firewall rules and prompt the user for all other connection attempts. |
Ruleset and deny | Apply firewall rules and deny all other connection attempts. |
Ruleset, known files and allow | Apply firewall rules, and automatically allow connection attempts made by known applications, and automatically allow all other unknown connection attempts. |
Ruleset, known files and ask | Apply firewall rules, automatically allow connection attempts made by known applications, and prompt the user for all other unknown connection attempts. |
Ruleset, known files and deny | Apply firewall rules, automatically allow connection attempts made by known applications and automatically deny all other unknown connection attempts. |
Select the firewall rule options. Options include:
When creating a rule, you can create an application rule or a connection rule. The application rule defines what traffic an application can send and receive and a connection rule defines address and port access is available.
For more information see Create a firewall rule.
Note that for application rules, with the Local Address you can configure the local IP addresses and ports where the rule will be applied. If you have more than one network adapter, clear the Any check box and enter a specific IP or IP/Mask address. To filter connections on a specific port or range of ports, clear the Any check box and enter the appropriate Port or port range. For a Remote Address - configure the remote IP addresses and ports where the rule will be applied. If you have more than one network adapter, clear the Any check box and enter a specific IP or IP/Mask address. To filter connections on a specific port or range of ports, clear the Any check box and enter the appropriate Port or port range.