Seqrite Endpoint Security 7.6

Firewall

Print Friendly, PDF & Email

Firewall shields your system by monitoring both inbound and outbound network connections. It analyzes all incoming connections whether it is secure and should be allowed through, and checks whether the outgoing communication follows the compliance that you have set for security policies. Firewall works silently in the background and monitors network activity for malicious behavior.

You can create different policies for various groups/departments like enabling Firewall protection, applying Firewall security level with an exception rule and other settings according to the requirements. For example, you can apply security level as High for the Accounts Department and apply an exception rule by entering the policy with additional policy settings.

You can also apply the Display alert message when firewall violation occurs and Enable firewall reports options. While for Marketing Department, you can create a policy with security level as Low without an exception rule and apply the Enable firewall reports options only.

The Firewall feature is available only in the clients with Microsoft Windows.

To configure a policy for Firewall setting, follow these steps:

  1. Log on to the Seqrite Endpoint Security Web console.
  2. Go to Settings > Client Settings > Firewall.
  3. To enable Firewall, select the Enable Firewall check box.
  4. In the Level option, select one of the following:
    • Block all
    • High
    • Medium
    • Low
  5. By default, the Monitor Wi-Fi Networks check box is selected. Because of this option, you get alert messages when connected with unsecured Wi- Fi network and when an attempt is detected to access unsecured client Wi-Fi (hotspot). Also, the reports are generated at the server.
  6. If you want an alert message about firewall violation, select the Display alert message when firewall violation occurs check box.
  7. If you want reports for all blocked connections, select the Enable firewall reports check box.
  8. In the Exceptions section, a list of default exceptions appears. You can add or manage the exceptions.
  9. To restore the default settings, click the Default button.
  10. To save your settings, click Save Policy.

If the Firewall policy is set as Block All, Firewall will block all connections and generate many reports that may impact your network connection.

Security Level

Security Level Description
Block all Blocks all Inbound and Outbound connections without any exception. This is the strictest level of security.
High Blocks all Inbound and Outbound connections with an exception rule. The exception policy can be created for allowing or denying connections either for inbound or outbound through certain communication Protocols, IP address, and Ports such as TCP, UDP, and ICMP.
Medium Blocks all Inbound and allows all Outbound connections with an exception rule. The exception policy can be created for allowing or denying either inbound or outbound connections through certain communication Protocols, IP address, Ports such as TCP, UDP, and ICMP. For example, if you allow receiving data from a certain IP address, the users can receive data but cannot send to the same IP address. To take more advantage of this security level policy, it is advisable that you allow receiving inbound connections and block outbound connections.
Low Allows all Inbound and Outbound connections. When you apply Low security level, it is advisable that you create an exception rule for denying particular inbound or outbound data with the help of certain Protocols, IP address, and Ports to take more advantage of the security level policy.

Managing the Exceptions rule

With Exceptions, you can allow genuine programs to perform communication irrespective of the Firewall level whether set as High or Medium. With Exceptions, you can block or allow Inbound and Outbound communication through IP Addresses and Ports.

Creating the Exceptions rule

To configure a policy with the Exceptions rule, follow these steps:

  1. Log on to the Seqrite Endpoint Security Web console.
  2. Go to Settings > Client Settings > Firewall.
  3. To enable Firewall, select the Enable Firewall check box.
  4. In Exceptions section, click Add.
  5. On the Add/Edit Exception screen, type a name in the Exception Name text box.

  6. Select one of the protocols from the following:

    • TCP
    • UDP

    • ICMP

      1. Under Application, All Applications that meet the specified conditions option is selected by default. If you want any specific application, select Specified Applications path option and enter the path of application.

      2. If you select ICMP Protocol, do the following

      3. Click Next.

      4. Under Local IP Address, do one of the following,

        • Select the Any IP Addresses option, you need not type an IP address as all IP addresses will be allowed or blocked.
        • Select the IP address option and type the IP address. Click Add to add the IP address.
          You can add multiple IP addresses here.You can add up to 25 IP addresses per exception.
          However, the combined count of all IP addresses in all exceptions in a policy must be equal to or less than 255.
          You can delete the IP address with help of Delete button.
          You can also import the IP addresses from a text file using Import button. The maximum limit to import valid IP addresses is 25 per exception.
        • Select IP Address Range option. Enter Start IP Address and End IP Address.

      5. Click Next.

      6. Configure ICMP Settings.

      7. Click Finish.

    1. If you select TCP or UDP option for Protocol, do the following

      1. Select one of the following options:

        • All Applications that meet the specified conditions
        • Specified Applications path
        • Provide full path of the application

      2. Click Next.

      3. Select one of the Direction from the following and click Next:

        • Inbound Connections
        • Outbound Connections
        • Inbound – Outbound Connections

      4. Under Local TCP/UDP Ports, do one of the following,

        • Select the All Ports option to select all ports.
        • Select the Specific Ports option and type the port numbers. Use comma in between to add multiple ports.
        • Select the Port Range option. Enter Start Port Number and End Port Number.
        • Click Next.

      5. Under Remote IP Address, do one of the following,

        • Select the Any IP Addresses option, you need not type an IP address as all IP addresses will be allowed or blocked.
        • Select the IP address option and type the IP address. Click Add to add the IP address.
          You can add multiple IP addresses here.You can add up to 25 IP addresses per exception.
          However, the combined count of all IP addresses in all exceptions in a policy must be equal to or less than 255.
          You can delete the IP address with help of Delete button.
          You can also import the IP addresses from a text file using Import button. The maximum limit to import valid IP addresses is 25 per exception.
        • Select IP Address Range option. Enter Start IP Address and End IP Address.
        • Under Domain Name, type the Domain Name. Click Add to add the Domain Name.
          You can add multiple Domain Names here. You can add up to 25 Domain Names per exception.
          However, the combined count of all Domain Names in all exceptions in a policy must be equal to or less than 255.
          You can delete the Domain Name with help of Delete button.
          You can also import the Domain Names from a text file using Import button. The maximum limit to import valid Domain Names is 25 per exception.
        • Click Next.If you mention remote IP or port, that exception will be for outgoing communications.

      6. Under Remote TCP/UDP Ports, do one of the following,

        • The All Ports option is selected by default.
        • Select the Specific Ports option and type the port numbers. Use comma in between to add multiple ports.
        • Select the Port Range option. Enter Start Port Number and End Port Number.
        • Click Next.

      7. Under Action, select either Allow or Deny.

      8. Click Finish.
        The Exception is added at top position in the Exceptions list. The sequence of the exceptions decides the precedence of the rule. The precedence is in descending order. You can move the exception rule with the Move Up and Move Down buttons.

  7. Click Save Policy.

Editing the Exceptions rule

You can edit the exceptions rule which are created by you if required. To edit the Exceptions rule, follow these steps:

  1. Log on to the Seqrite Endpoint Security Web console.
  2. Go to Settings > Client Settings > Firewall.
  3. To enable Firewall, select the Enable Firewall check box.
  4. In Exceptions section, select the exception that you want to edit and click the name.
  5. On the Add/Edit Exception screen, you can edit the name in the Exception Name text box and edit the protocol.
    The protocol includes TCP, UDP, and ICMP.
  6. Click Next.
  7. Edit Local IP Address if required, and then click Next.
  8. Edit Local TCP/UDP Ports if required, and then click Next.
  9. Edit Remote IP Address if required, and then click Next.
  10. Edit Remote TCP/UDP Ports if required, and then click Next.
  11. Under Action, you can select either Allow or Deny.
  12. Click Finish.
  13. Click Save Policy.

Deleting the Exceptions rule

You can delete the exceptions rule that you created. To delete the Exceptions rule, follow these steps:

  1. Log on to the Seqrite Endpoint Security Web console.
  2. Go to Settings > Client Settings > Firewall.
  3. To enable Firewall, select the Enable Firewall check box.
  4. In Exceptions section, select the exception that you want to delete.
  5. Click Delete.The selected exception rule is deleted.
  6. Click Save Policy.

Exporting the Exceptions rule

You can export the exceptions rule that you created. To export the Exceptions rule, follow these steps:

  1. Log on to the Seqrite Endpoint Security Web console.
  2. Go to Settings > Client Settings > Firewall.
  3. To enable Firewall, select the Enable Firewall check box.
  4. In Exceptions section, select the exception that you want to export.
  5. Click Export. The Opening fwexcp.db dialog appears.
  6. Select Save File.
  7. Click Ok.
    The database file, fwexcp.db is downloaded.

Importing the exceptions rule

You can import the exceptions rule that you created in the earlier versions of EPS. To import the Exceptions rule, follow these steps:

  1. Log on to the Seqrite Endpoint Security Web console.
  2. Go to Settings > Client Settings > Firewall.
  3. To enable Firewall, select the Enable Firewall check box.
  4. Click Import. The File Upload dialog appears.
  5. Select the database file, fwexcp.db.
  6. Click Open.The database file, fwexcp.db is imported.
  7. Click Save Policy.
Was this page helpful?
Yes No

Leave a Comment