Firewall

Firewall shields your endpoint by monitoring both inbound and outbound network connections. It analyzes each incoming connection to determine whether it is secure and should be allowed through, and checks whether outgoing communication complies with the security policies that you have set. Firewall works silently in the background and monitors network activity for malicious behavior.
You can create different policies for various groups or departments, such as enabling Firewall protection, applying a Firewall security level with an exception rule, and other settings according to your requirements. For example, you can set the security level to High for the Accounts Department and apply an exception rule with additional policy settings. You can also select the Display alert message when firewall violation occurs and Enable firewall reports options. For the Marketing Department, you can create a policy with the security level set to Low without an exception rule and select only the Enable firewall reports option.

Note
The Firewall feature is available only in the clients with Microsoft Windows.

For FAQ about networking, see FAQ.

Configuring Firewall

To configure policy for Firewall, follow these steps:

  1. Create Container/feature policy for Firewall.
  2. On the Feature Policy page, you can see the following list of settings with expand sign and toggle button. Expand and Enable settings that you want to configure.
    • Firewall – When you enable this, a prompt appears: "This action will disable Windows Firewall on your endpoint. Do you want to continue?"
      Click OK.
    • Exceptions
  3. To save your settings, click Save Policy.
    Importantly, if you have customized the settings and later you want to revert to the default settings, you can do so by clicking the Reset Default button.

Firewall

  1. In the Level option, select one of the following:

    • Block all
    • High
    • Medium
    • Low

    Level – Description
    Block all – Blocks all Inbound and Outbound connections without any exception. This is the strictest level of security.
    High – Blocks all Inbound and Outbound connections with an exception rule. The exception policy can be created for allowing or denying either inbound or outbound connections through certain communication protocols (such as TCP, UDP, and ICMP), IP addresses, and ports.
    Medium – Blocks all Inbound and allows all Outbound connections with an exception rule. The exception policy can be created for allowing or denying either inbound or outbound connections through certain communication protocols (such as TCP, UDP, and ICMP), IP addresses, and ports. For example, if you allow receiving data from a certain IP address, the users can receive data but cannot send to the same IP address. To take more advantage of this security level policy, it is advisable that you allow inbound connections and block outbound connections.
    Low – Allows all Inbound and Outbound connections. When you apply the Low security level, it is advisable that you create an exception rule for denying particular inbound or outbound data by protocol, IP address, and port to take more advantage of the security level policy.
  2. By default, the Monitor Wi-Fi Networks check box is selected. With this option, you receive alert messages when the endpoint connects to an unsecured Wi-Fi network and when an attempt to access an unsecured client Wi-Fi (hotspot) is detected. Reports are also generated at the server.
  3. If you want an alert message about firewall violation, select the Display alert message when firewall violation occurs check box.
  4. If you want reports for all blocked connections, select the Enable firewall reports check box.

    Note
    If the Firewall policy is set as Block All, Firewall will block all connections and generate many reports that may impact your network connection.

Exceptions

With Exceptions, you can allow genuine programs to communicate regardless of whether the Firewall level is set to High or Medium. With Exceptions, you can also block or allow Inbound and Outbound communication through IP addresses and ports.

Creating the Exceptions

  1. In the Exceptions section, the list of Exceptions appears.
  2. To create a new exception, click Add.
  3. On the Add/Edit Exception screen, do the following:
    1. Type a name in the Exception Name text box.
    2. Select a protocol. The available protocols are TCP, UDP, and ICMP.
    3. Under Application, the All Applications that meet the specified conditions option is selected by default. If you want the exception to apply to a specific application, select the Specified Applications path option and enter the path of the application.
    4. Click Next.
  4. The remaining steps depend on the protocol that you selected.

ICMP Protocol

If you select ICMP Protocol, do the following.

  1. Under Local IP Address, do one of the following:
    • Select the Any IP Addresses option. You need not type an IP address, as all IP addresses will be allowed or blocked.
    • Select the IP address option and type the IP address. Click Add to add the IP address. You can add multiple IP addresses here.
      You can add up to 25 IP addresses per exception. However, the combined count of all IP addresses in all exceptions in a policy must be equal to or less than 255.
      You can delete an IP address with the Delete button.
      You can also import IP addresses from a text file using the Import button. The maximum number of valid IP addresses that you can import is 25 per exception.
    • Select the IP Address Range option. Enter the Start IP Address and End IP Address.
  2. Click Next.
  3. Configure ICMP Settings. Select the check boxes as required. The default button sets the default settings of ICMP. Click Next.
  4. Under Status, select either Enable or Disable.
  5. Click Finish.

TCP or UDP

If you select the TCP or UDP option for Protocol, do the following.

  1. Select one of the following directions and click Next.
    • Inbound Connections
    • Outbound Connections
    • Inbound – Outbound Connections
  2. Click Next.
  3. Under Local TCP/UDP Ports, do one of the following:
    • Select the All Ports option to select all ports.
    • Select the Specific Ports option and type the port numbers. Use commas to separate multiple ports.
    • Select the Port Range option. Enter the Start Port Number and End Port Number.
  4. Click Next.
  5. Under Remote IP Address, do one of the following:
    • Select the Any IP Addresses option. You need not type an IP address, as all IP addresses will be allowed or blocked.
    • Select the IP address option and type the IP address. Click Add to add the IP address. You can add multiple IP addresses here.
      You can add up to 25 IP addresses per exception. However, the combined count of all IP addresses in all exceptions in a policy must be equal to or less than 255.
      You can delete an IP address with the Delete button.
      You can also import IP addresses from a text file using the Import button. The maximum number of valid IP addresses that you can import is 25 per exception.
    • Select the IP Address Range option. Enter the Start IP Address and End IP Address.
    • Under Domain Name, type the Domain Name. Click Add to add the Domain Name. You can add multiple Domain Names here.
      You can add up to 25 Domain Names per exception. However, the combined count of all Domain Names in all exceptions in a policy must be equal to or less than 255.
      You can delete a Domain Name with the Delete button.
      You can also import Domain Names from a text file using the Import button. The maximum number of valid Domain Names that you can import is 25 per exception.
  6. Click Next.
  7. If you specify a remote IP address or port, the exception applies to outgoing communications.

  8. Under Remote TCP/UDP Ports, do one of the following,
    • The All Ports option is selected by default.
    • Select the Specific Ports option and type the port numbers. Use commas in between to add multiple ports.
    • Select the Port Range option. Enter Start Port Number and End Port Number.
  9. Click Next.
  10. Under Action, select either Allow or Deny.
  11. Under Status, select either Enable or Disable.
  12. Click Finish.
    The Exception is added at the top position in the Exceptions list. The sequence of the exceptions decides the precedence of the rule. The precedence is in descending order. You can move the exception rule with the Move Up and Move Down buttons.
  13. Click Save Policy.
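
Because list order decides precedence, a broad exception placed above a narrower one can keep the narrower one from ever taking effect. The following sketch is an added example, not the product's code or its export format; it models the level defaults described above and flags exceptions that are fully covered by an earlier one. The Rule class, the single port field, the first-match evaluation and the SAMPLE rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

# (inbound, outbound) default per level, taken from the level descriptions on this page.
LEVEL_DEFAULTS = {"Block all": ("Deny", "Deny"), "High": ("Deny", "Deny"),
                  "Medium": ("Deny", "Allow"), "Low": ("Allow", "Allow")}

@dataclass
class Rule:                      # hypothetical model of one exception, not the product schema
    name: str
    protocol: str                # "TCP" or "UDP"
    direction: str               # "Inbound", "Outbound" or "Both"
    remote: str                  # CIDR; "0.0.0.0/0" stands for "Any IP Addresses"
    ports: range                 # range(0, 65536) stands for "All Ports"
    action: str                  # "Allow" or "Deny"
    enabled: bool = True

    def covers(self, protocol, direction, net, ports):
        """True if this rule matches every connection in the given scope."""
        return (self.enabled and self.protocol == protocol
                and self.direction in (direction, "Both")
                and net.subnet_of(ip_network(self.remote))
                and self.ports.start <= ports.start and ports.stop <= self.ports.stop)

def decide(level, rules, protocol, direction, remote_ip, port):
    """Return (action, deciding rule name or 'level default') for one connection."""
    inbound, outbound = LEVEL_DEFAULTS[level]
    if level != "Block all":     # Block all takes no exceptions
        host = ip_network(remote_ip)          # a single address becomes a /32 network
        for rule in rules:       # list order = console order, top first (assumed first match)
            if rule.covers(protocol, direction, host, range(port, port + 1)):
                return rule.action, rule.name
    return (inbound if direction == "Inbound" else outbound), "level default"

def shadowed(rules):
    """Names of enabled rules that an earlier rule fully covers, so they never decide."""
    return [r.name for i, r in enumerate(rules) if r.enabled and any(
        e.covers(r.protocol, r.direction, ip_network(r.remote), r.ports)
        for e in rules[:i])]

# Constructed sample: a broad Allow placed above a narrower Deny.
SAMPLE = [
    Rule("allow-https-any", "TCP", "Outbound", "0.0.0.0/0", range(443, 444), "Allow"),
    Rule("deny-test-net", "TCP", "Outbound", "203.0.113.0/24", range(443, 444), "Deny"),
]

if __name__ == "__main__":
    print(decide("High", SAMPLE, "TCP", "Outbound", "203.0.113.7", 443))
    print(shadowed(SAMPLE))      # the Deny rule is reported until it is moved up
```

Reversing SAMPLE, which corresponds to using Move Up on the Deny rule, changes the decision for 203.0.113.7 from Allow to Deny and clears the shadowed list.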

Editing the Exceptions rule

You can edit the exception rules that you have created. To edit an exception rule, follow these steps:

  1. In the Exceptions section, select the exception that you want to edit.
  2. On the Add/Edit Exception screen, you can edit the name in the Exception Name text box and edit the protocol. The available protocols are TCP, UDP, and ICMP.
  3. Edit Application option if required.
  4. Click Next.
  5. Edit Local IP Address if required, and then click Next.
  6. Edit Local TCP/UDP Ports if required, and then click Next.
  7. Edit Remote IP Address if required, and then click Next.
  8. Edit Remote TCP/UDP Ports if required, and then click Next.
  9. Under Action, you can select either Allow or Deny.
  10. Under Status, you can select either Enable or Disable.
  11. Click Finish.
  12. Click Save Policy.

Deleting the Exceptions rule

You can delete the exception rules that you have created. To delete an exception rule, follow these steps:

  1. In the Exceptions section, select the exception that you want to delete.
  2. The action bar is enabled above the table. In the drop-down list, select Delete.
  3. Click Submit. The selected exception rule is deleted.
  4. Click Save Policy.

Exporting the Exceptions rule

You can export the exception rules that you have created. To export exception rules, follow these steps:

  1. In the Exceptions section, select the exceptions that you want to export.
  2. Select Action > Export. The Opening firewall_exception.json dialog appears.
  3. Select Save File.
  4. Click Ok.
    The database file, firewall_exception.json, is downloaded.

Importing the exceptions rule

You can import the exception rules that you have created in earlier versions of Thirtyseven4 EDR Security. To import exception rules, follow these steps:

  1. In the Exceptions section, click Add > Import. The File Upload dialog appears.
  2. Select the database file, firewall_exception.json.
  3. Click Open.
    The database file, firewall_exception.json, is imported.