Creating a Firewall Policy

About this task

The procedure below creates a single firewall policy that will be applied to all endpoints. You can use the same instructions to create multiple policies and target them to different endpoints. The difference depends on the policies you enable in the Policy List when creating a Task, and the computers you target with that Task. See Firewall Policy Configuration for details.

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Configuration > Common Firewall Settings > New Policy Task.... The Firewall Policy Settings Wizard appears.
  3. Click the Add button, and in the window that appears, give the policy a name that will make its function clear when it appears in the Policy List.
  4. Configure the following:
    • Firewall Enabled: This option must be selected for the policy to be "on." In addition, the policy must be selected in the Policy List. Both conditions must apply for the policy to be used.

    • Security Level - High: Choose to block all traffic to all ports, and then use Exceptions to enable specific ports (inbound, outbound, or both).

    • Security Level - Medium: Choose to block all inbound traffic to all ports, but allow all outbound traffic to all ports; use Exceptions to alter specific ports. To achieve the opposite, choose High and create a single exception rule to allow all inbound traffic for all ports and enable this rule in the Exception Rules list.

    • Security Level - Low: Choose to allow all traffic to all ports, and then use Exceptions to block specific ports (inbound, outbound, or both).

    • Apply to All Possible IP Addresses: Choose this option for most cases. An IP address is "possible" only if it is also included in the Task.

    • Apply to A Range of IP Addresses: Only use this option if you are creating a policy to bind to one of several possible IP addresses that an endpoint may use (due to Dual NICs, variable locations, etc.), as described in Creating and Deploying Smart Policies: Example.

    • Exception Rules: Only enabled rules will be included in the policy. Select an existing rule from the list of Global Exception rules that appears, or add a new one. In either case, be sure your exceptions are in fact the opposite of the Security Level you have set for the policy. For example, the default action for most rules in the Global Exception list is Allow. Enabling such a rule for a policy where Security Level = Low would produce no effect, because Low already allows all traffic.

      Rule Name: Click an existing rule to modify it. Any modifications made to a global rule from within the policy will apply only to that policy. The global rule itself will not change.

      Add: Click this button to create and enable a new exception rule.

      Import Global Rules: Click this button to repopulate the Exception Rules list with exceptions from the Global Exception Rules list.

  5. Click Save. The Firewall Policy List becomes active.
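
The following is an added example, not part of the product or its documentation: a small Python model of the Security Level defaults and exception semantics described in step 4, used to spot enabled exception rules that have no effect at a given level. The rule structure, the sample rules, and the first-match evaluation order are assumptions made for illustration.

```python
from dataclasses import dataclass

# Default action per direction for each Security Level, as described in step 4.
DEFAULTS = {
    "High":   {"inbound": "Block", "outbound": "Block"},
    "Medium": {"inbound": "Block", "outbound": "Allow"},
    "Low":    {"inbound": "Allow", "outbound": "Allow"},
}

@dataclass
class ExceptionRule:          # hypothetical structure, not the product's schema
    name: str
    action: str               # "Allow" or "Block"
    direction: str            # "inbound", "outbound" or "both"
    ports: frozenset          # empty set means all ports
    enabled: bool = True

def directions(rule):
    return ("inbound", "outbound") if rule.direction == "both" else (rule.direction,)

def policy_in_use(firewall_enabled, selected_in_policy_list):
    # Both conditions must hold for the policy to be used.
    return firewall_enabled and selected_in_policy_list

def ineffective_rules(level, rules):
    """Names of enabled rules whose action equals the default in every direction they cover."""
    return [r.name for r in rules if r.enabled
            and all(DEFAULTS[level][d] == r.action for d in directions(r))]

def decide(level, rules, direction, port):
    """Action for one connection: first enabled matching exception (assumed order), else the default."""
    for r in rules:
        if r.enabled and direction in directions(r) and (not r.ports or port in r.ports):
            return r.action
    return DEFAULTS[level][direction]

# Constructed sample rules for illustration.
RULES = [
    ExceptionRule("Allow HTTPS out", "Allow", "outbound", frozenset({443})),
    ExceptionRule("Allow SSH in", "Allow", "inbound", frozenset({22})),
    ExceptionRule("Block Telnet", "Block", "both", frozenset({23})),
    ExceptionRule("Allow DNS (disabled)", "Allow", "outbound", frozenset({53}), enabled=False),
]

if __name__ == "__main__":
    for level in DEFAULTS:
        print(level, "no-op rules:", ineffective_rules(level, RULES))
```

Running the same rule set against each level shows why an exception list should be reviewed whenever the Security Level changes: a rule that opens a port under High can become a no-op under Medium or Low.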