Firewall Module

Use the Firewall module to control access to network resources, network services, and to the Internet by specified applications. A database of known, legitimate applications can automatically be granted access to these resources and services. The Firewall module can also protect against port scans, restrict Internet Connection Sharing (ICS), and warn when new nodes join a WiFi connection.

The Firewall module is only available when adding or editing a laptop/workstation security profile.

  1. In the navigation pane, click Configuration > Security Manager > Profiles.
  2. Click Add, or click on an existing profile to edit.
  3. Click View Settings beside the Firewall module.

Firewall Module Settings

Setting Description

General Tab

Enable the Firewall module and configure general settings.

Select Integrate with AVC to integrate the Firewall module's rules with the Active Virus Control feature found in the Behavioral Analysis Module.

Settings Tab

Configure how trust levels and the Stealth Mode feature are applied to network connections. Stealth Mode hides associated devices from malicious software and unauthorized access through both the network and the Internet.

In addition to the rules configured in the Firewall Module tab, a number of additional rules control firewall behaviour depending on the trust level.

Rules Tab

Configure the application network access and data traffic rules enforced by the Firewall module.

Select the Rule Policy - the firewall decision-making logic - to apply when applications request access to network and Internet services:

  • Ruleset and allow - applies existing firewall rules and automatically allows all other connection attempts. For each new connection attempt, a rule is created and added to the ruleset.
  • Ruleset and ask - applies existing firewall rules and prompts for action for all other connection attempts. An alert window with detailed information about the unknown connection attempt is displayed. For each new connection attempt, a rule is created and added to the ruleset.
  • Ruleset and deny - applies existing firewall rules and automatically denies all other connection attempts. For each new connection attempt, a rule is created and added to the ruleset.
  • Ruleset, known files and allow - applies existing firewall rules, automatically allows connection attempts made by known applications, and automatically allows all other unknown connection attempts. For each new connection attempt, a rule is created and added to the ruleset.
  • Ruleset, known files and ask - applies existing firewall rules, automatically allows connection attempts made by known applications, and prompts for action for all other unknown connection attempts. An alert window with detailed information about the unknown connection attempt is displayed. For each new connection attempt, a rule is created and added to the ruleset.
  • Ruleset, known files and deny - applies existing firewall rules, automatically allows connection attempts made by known applications, and automatically denies all other unknown connection attempts. For each new connection attempt, a rule is created and added to the ruleset.

Known files represent a large collection of safe, trustworthy applications that is compiled and continuously maintained.

When creating a rule, you can create an application rule or a connection rule. An application rule defines what traffic an application can send and receive, and a connection rule defines which address and port access is available.

Note that for application rules, you can configure where the rule will be applied:

  • Local Address - configure the local IP addresses and ports where the rule will be applied. If you have more than one network adapter, you can clear the Any check box and type a specific IP or IP/Mask address. To filter connections on a specific port or range of ports, clear the Any check box and type the appropriate Port or port range.
  • Remote Address - configure the remote IP addresses and ports where the rule will be applied. If you have more than one network adapter, you can clear the Any check box and type a specific IP or IP/Mask address. To filter connections on a specific port or range of ports, clear the Any check box and type the appropriate Port or port range.
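
The six Rule Policy options and the IP/Mask and port-range matching described above can be modeled as follows. This is an added illustration, not the product's own code or configuration format; the `Rule` class, the `decide` function, the sample application names and the scope given to auto-created rules are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Policy name -> (consult known files?, action for all other attempts), per the list above.
POLICIES = {
    "Ruleset and allow": (False, "allow"),
    "Ruleset and ask": (False, "ask"),
    "Ruleset and deny": (False, "deny"),
    "Ruleset, known files and allow": (True, "allow"),
    "Ruleset, known files and ask": (True, "ask"),
    "Ruleset, known files and deny": (True, "deny"),
}

@dataclass
class Rule:
    app: str
    action: str            # "allow" or "deny"
    remote: str = "any"    # "any", a single IP, or IP/Mask
    ports: str = "any"     # "any", "443", or a range such as "8000-8100"

    def matches(self, app, remote_ip, port):
        if self.app != app:
            return False
        if self.remote != "any":
            net = ipaddress.ip_network(self.remote, strict=False)
            if ipaddress.ip_address(remote_ip) not in net:
                return False
        if self.ports != "any":
            low, _, high = self.ports.partition("-")
            if not int(low) <= port <= int(high or low):
                return False
        return True

def decide(policy, ruleset, known_files, app, remote_ip, port, prompt=lambda *a: "deny"):
    """Return (action, source) and record a rule for each new connection attempt."""
    for rule in ruleset:                      # existing rules are applied first
        if rule.matches(app, remote_ip, port):
            return rule.action, "ruleset"
    use_known, fallback = POLICIES[policy]
    if use_known and app in known_files:
        action, source = "allow", "known files"
    elif fallback == "ask":                   # prompt() stands in for the alert window
        action, source = prompt(app, remote_ip, port), "prompt"
    else:
        action, source = fallback, "policy default"
    # Assumption: the auto-created rule is scoped to this exact remote IP and port.
    ruleset.append(Rule(app, action, remote_ip, str(port)))
    return action, source
```

In this model, a rule learned while an allow policy is active keeps matching after the policy is switched to a deny variant, so review the accumulated ruleset when tightening a profile.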