Firewall Policy Configuration

Create or modify a firewall policy by clicking the Add button or a Policy Name in the policy list. The options are explained below.

Figure 1: Firewall Policy Configuration Screen


The following options are available in the Firewall Policy Configuration screen:

General

  • Policy Name: The name you type here will appear in the firewall policy list. Once saved, it cannot be changed. Use a name that will make the purpose of the policy clear.

  • Firewall Enabled: Selected by default. Disable this option in a policy only to uninstall the firewall from your endpoints (the Task must be deployed).

  • Security Level: This option sets the predisposition of the policy, that is, whether it Allows or Denies all traffic to all ports. You can then fine-tune the policy by adding port exceptions. These exceptions should, of course, be the inverse of the action set through the Security Level.

IP

  • Apply to All Possible IP Addresses: This is the correct choice for most firewall policies. Possible IP addresses refers to the limits inherited through the creation of the Task, Policy Action, and the endpoint’s own relevance evaluation.

  • Apply to A Range of IP Addresses: This option is available for creating location-aware policies. Be sure to move these policies to the top of the Policy List to prevent the policy from being missed.

Exception Rules

All exception rules are policy-specific. Exceptions created within a policy are not available globally. To make exceptions available globally, add them in the Global Exceptions screen.

  • Add button: Opens a screen for creating a new exception rule that will be unique to the policy. Exceptions that you add will automatically be selected, that is, enabled in the policy. Note that if you disable the exception and save the policy, the exception will be removed from the policy. See more information in Exception Rules Configuration.

  • Import Global Rules button: Repopulates the Exception Rules list with all exceptions from the Global Exception Rules list (including the defaults and any that you have added). This is especially useful if you later re-open the policy and want to add more exceptions, because those that were not included the first time no longer appear in the list.

  • Editing existing rules: Modifications made to rules within a policy apply only to that policy, even if the rule is one of the Global Exception Rules.

  • Selecting exception rules: Select exceptions to include them in a policy.
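
The Security Level and Apply to A Range of IP Addresses options above imply two review checks: every exception should invert the policy's default action, and location-aware policies should sit above all-IP policies in the Policy List. The following Python sketch is an added example, not part of the product or its documentation. The data model, field names and sample policies are hypothetical, and top-down evaluation of the Policy List is an assumption inferred from the ordering advice above.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import List, Optional, Tuple

@dataclass
class PortException:          # hypothetical model of one exception rule
    name: str
    port: int
    action: str               # "allow" or "deny"

@dataclass
class Policy:                 # hypothetical model of one firewall policy
    name: str
    security_level: str       # default action: "allow" or "deny"
    ip_range: Optional[Tuple[str, str]] = None   # None = all possible IP addresses
    exceptions: List[PortException] = field(default_factory=list)

def lint_policy_list(policies):
    """Review an ordered policy list; return (policy, finding, detail) tuples."""
    findings = []
    first_all_ip = None       # name of the first all-IP policy seen so far
    for p in policies:
        for e in p.exceptions:
            # An exception that repeats the default action changes nothing.
            if e.action == p.security_level:
                findings.append((p.name, "REDUNDANT_EXCEPTION", e.name))
        if p.ip_range is not None:
            lo, hi = (ip_address(a) for a in p.ip_range)
            if lo > hi:
                findings.append((p.name, "BAD_RANGE", "-".join(p.ip_range)))
            # Assumption: the list is evaluated top-down, so a range policy
            # placed below an all-IP policy may never be reached.
            if first_all_ip is not None:
                findings.append((p.name, "RANGE_BELOW_ALL_IP", first_all_ip))
        elif first_all_ip is None:
            first_all_ip = p.name
    return findings

def sample_policy_list():
    """Constructed sample data: one all-IP policy, one location-aware policy."""
    return [
        Policy("Default-Deny", "deny", None,
               [PortException("HTTPS", 443, "allow"),
                PortException("Telnet", 23, "deny")]),
        Policy("Branch-Office", "allow", ("10.20.0.1", "10.20.0.254"),
               [PortException("SMB", 445, "deny")]),
    ]

if __name__ == "__main__":
    for finding in lint_policy_list(sample_policy_list()):
        print(finding)
```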