
Firewall Settings Explained

Undefined Networks:

These are the networks a user has not connected to already and are not listed in the Defined networks list, so no profile exists for them yet. There are 3 options for undefined networks:

Users can choose profile – Allows the user to set the network as either private or public.

 

Private (Trusted) – The network will automatically be set to Private*. You will also receive the option to Overwrite the profile of every network which was already set by the user with Private (Trusted) when the option is selected.

Public (Not trusted) – The network will automatically be set to Public**. You will also receive the option to Overwrite the profile of every network which was already set by the user with Public (Not Trusted) when the option is selected.

* For better connectivity, this mode (Private) is recommended when your computer is connected to an internal/private network. The firewall allows all communication with the network.

** For higher security, this mode (Public) is recommended when your computer is connected to a public network, for example in cafes or airports. No incoming communication is allowed.

 

Defined Networks:

The Define Networks option is used to pre-define a network the user will connect to.

 

Network Name – The Network Name is how the network will appear on the client.

MAC address of network router – The MAC address of the router needs to be added to identify the network.

Profile – The profile’s setting for Private or Public.

 

You can verify that a defined network has synced to the client by going to Tools > Firewall > Settings > Network Profiles on the client.

 

Rules:

The Rules tab is used to control application and packet rules. If the Control all rules via the web console option is selected, any changes the user makes will be overwritten by the settings in the portal.

 

System Rules: This tab is used to enable or disable a predefined set of rules. These rules have higher priority than the Application rules or the Advanced packet rules, so they will override any of those.

Enabled – The feature will be allowed to communicate across the network.

Disabled – The feature will not be allowed network communication.

Decide based on packet rules – The feature will be allowed or blocked based on the packet rules set.

Application Rules: Here you can define the rules for applications with no pre-defined rules.

 

Adding an application rule:

Application name – The name that appears for the rule on the client

Application Path – The path to the application’s .exe file. You can use one of several path-variable options*** or a direct path (C:\Program Files (x86)\Google\Chrome\Application\Chrome.exe).

Advanced Packet Rules: These are the advanced settings for packet filtering. It is advised to leave these as-is unless absolutely necessary. When adding a packet rule you can specify the following:

            Rule name – A name for the rule for your reference

            Action – The action for the rule (Allow – Block – Ask user – Auto-decide)

            Protocol – The protocol for the rule (TCP/ICMP/UDP/etc.)

            Direction – Communication Direction (In – Out – Both)    

            Address – The IP address the rule uses

            Local Port/Remote Port – The communication ports for the rule

            ICMP Type – The ICMP type to allow/block (1-255)

 

*** - Application path options:

%CommonProgramFiles(x86)%

Use this if you need to specify an executable file located in a folder where shared program files for 32bit applications are stored, e.g.

%CommonProgramFiles(x86)%\app.exe = C:\Program Files (x86)\Common Files\app.exe

%ProgramFiles(x86)%

Use this if you need to specify an executable file located in a folder where program files for 32bit applications are stored, e.g.
%ProgramFiles(x86)%\app.exe = C:\Program Files (x86)\app.exe

%CommonProgramFiles%

Use this if you need to specify an executable file located in a folder where shared program files are stored, e.g.
%CommonProgramFiles%\app.exe = C:\Program Files\Common Files\app.exe

%ProgramFiles%

Use this if you need to specify an executable file located in a folder where program files are stored, e.g.
%ProgramFiles%\app.exe = C:\Program Files\app.exe

%WINDIR%\sysnative

Use this if you need to specify an executable file located in a core folder of the operating system, e.g.
%WINDIR%\sysnative\app.exe = C:\Windows\System32\app.exe

%WINDIR%

Use this if you need to specify an executable file located inside an operating system folder, e.g.
%WINDIR%\app.exe = C:\Windows\app.exe

%SYSTEMDRIVE%

Use this if you need to specify an executable file located anywhere else on the system drive, e.g.
%SYSTEMDRIVE%\folder_name\app.exe = C:\folder_name\app.exe

If necessary, you can specify any system variables that are available on the target device(s).
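
Because an application rule only matches when its path resolves on the target device, it helps to check the path there before entering it in the console. The following PowerShell is an added example, not part of the product or the original article; the function name Resolve-RulePath and the sample paths are hypothetical.

```powershell
# Added example: resolve application-rule paths on a target device and
# confirm that each one points at an existing executable.
function Resolve-RulePath {
    param([Parameter(Mandatory)][string]$RulePath)

    # Expand %VAR% tokens using this device's environment.
    $expanded = [Environment]::ExpandEnvironmentVariables($RulePath)

    # A token still wrapped in % after expansion is not defined on this device.
    $unresolved = [regex]::Matches($expanded, '%[^%\\]+%') |
        ForEach-Object { $_.Value }

    # The article maps %WINDIR%\sysnative to C:\Windows\System32. The
    # sysnative alias is only visible to 32-bit processes, so a 64-bit
    # shell has to check System32 directly.
    $checkPath = $expanded
    if ([Environment]::Is64BitProcess) {
        $checkPath = $expanded -replace '\\sysnative\\', '\System32\'
    }

    [pscustomobject]@{
        RulePath   = $RulePath
        Expanded   = $expanded
        Unresolved = ($unresolved -join ', ')
        Exists     = (-not $unresolved) -and
                     (Test-Path -LiteralPath $checkPath -PathType Leaf)
    }
}

# Constructed sample rule paths (the last one uses an undefined variable).
$samplePaths = @(
    '%ProgramFiles(x86)%\Google\Chrome\Application\Chrome.exe',
    '%WINDIR%\sysnative\cmd.exe',
    '%NOT_DEFINED_HERE%\app.exe'
)
$samplePaths | ForEach-Object { Resolve-RulePath $_ } | Format-Table -AutoSize
```

Run it in a 64-bit PowerShell session: in a 32-bit session on 64-bit Windows, %ProgramFiles% expands to the Program Files (x86) folder, which differs from the mapping listed above.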

 
