
Configuring Firewall

Overview

Configuring the firewall is one of the most significant tasks of a system administrator. A firewall plays a vital role in securing data from hackers. Endpoint Central MSP helps you deploy customized firewall settings with ease. In general, a firewall configuration can be described as a collection of Profiles/Rules. These Profiles/Rules are applied on a computer to determine the permission for all inbound and outbound communication on specified ports. Using Endpoint Central MSP, you can create new configurations to deploy specific settings or modify existing firewall settings that were not applied using Endpoint Central MSP.

Understanding Windows Firewall Profiles

Before we start creating a firewall configuration, let us learn more about Windows Firewall Profiles. Every computer running the Windows operating system connects to the internet/network via profiles. There are three profiles for Windows computers:

  • Domain : This configuration will be applied to computers that are part of the domain. Whenever a computer reaches the internet/network, the restrictions applied on the firewall of the computer will take effect. This is an ideal example of how computers work in a business environment.
  • Private : When a computer is connected to a private network, the firewall restrictions will be applied to it. A private network is one that is not connected/exposed directly to the internet. Private networks are configured in such a way that a security device like NAT (Network Address Translation) or a hardware firewall precedes the network for security reasons. This creates an additional layer of security compared with Domains. This is configured in most enterprises to secure their corporate data.
  • Public : This profile does not have any security devices or restrictions between the computer and the internet. A good example of a public network is the one you find in airports, railway stations, coffee shops, etc. You need to ensure that you have configured the firewall in the most secure way, since these networks in general do not require secured access to reach the internet.

Understanding Rules

Rules are settings that give the system administrator advanced control. A rule is a policy that can be enforced over the profiles. For example, if you create a profile for Domain and specify that all inbound communication is blocked, you can still create a rule that adds an exception to that profile and allows inbound communication to a specific port.

Endpoint Central MSP supports configuring firewall for computers running Windows XP and later versions.  

Follow the steps mentioned below to configure the firewall:

  1. Windows Vista and later versions
  2. Windows XP and 2003 Server

Windows Vista and later versions

Choose the profile for which you want to configure the firewall: Domain, Private or Public. You can also create a generic firewall configuration for all the profiles by selecting All. After specifying the profile, choose the Action that needs to be performed on the firewall:

    1. Do not Modify : Will not impact the existing firewall settings, if any are configured
    2. ON: Will turn on the Firewall for the target computer
    3. OFF: Firewall will be turned off for the target computer

If you have chosen to turn on the firewall, then you will have to specify the action for inbound and outbound communication separately.

Here are a few examples for your reference:

  1. Profile All - Applies to all Domain, Private and Public profiles
    Action on Inbound : Allow
    Action on Outbound : Block
    In this case, all inbound connections will be allowed and all outbound connections will be restricted on the firewall.
  2. Profile Domain - Applies to computers, only when they are connected to a Domain Network
    Action on Inbound : Allow
    Action on Outbound : Block
    In this case, all inbound connections will be allowed and all outbound connections will be restricted on the firewall.
  3. Profile Public - Applies to computers, only when they are connected to a Public Network
    Action on Inbound : Block
    Action on Outbound : Allow
    In this case, all inbound communication will be blocked and outbound connections will be allowed on the firewall when the computer is connected to a public network. However, if you have applied a specific rule to exempt inbound communication for a specific port, then inbound communication will be allowed only on the specified port.

You can create specific rules to exclude specific functions, like inbound/outbound communication on specific ports. When you create a rule, you will have to specify a name for the rule and the profile to which the rule should be applied (Domain/Public/Private). You should also specify the port number/protocol and the action to be performed as the exception. You can create one or more rules for the same profile.

You can then choose the target, specify the execution settings and deploy the configuration. You have successfully configured the firewall settings on computers running Windows Vista and later versions.
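To confirm on a target computer that a deployed configuration took effect, the effective profile defaults and the inbound exceptions can be read back with the built-in Windows NetSecurity cmdlets. This is an added example, not part of Endpoint Central MSP; the baseline values mirror example 3 above and are assumptions, and the cmdlets require Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only audit; it changes nothing on the machine.
# Requires the NetSecurity module (Windows 8 / Server 2012 and later).

# Assumed baseline, modelled on example 3 above (Public: inbound Block, outbound Allow).
# Add Domain/Private entries to match the configuration you actually deployed.
$Baseline = @{
    Public = @{ Enabled = 'True'; DefaultInboundAction = 'Block'; DefaultOutboundAction = 'Allow' }
}

function Get-ProfileDrift {
    param([Parameter(Mandatory)][string]$Name, [Parameter(Mandatory)][hashtable]$Expected)
    # ActiveStore is the effective policy after local and Group Policy settings are merged.
    $fwProfile = Get-NetFirewallProfile -Name $Name -PolicyStore ActiveStore
    foreach ($setting in $Expected.Keys) {
        $actual = [string]$fwProfile.$setting
        if ($actual -ne $Expected[$setting]) {
            [pscustomobject]@{
                Profile = $Name; Setting = $setting
                Expected = $Expected[$setting]; Actual = $actual
            }
        }
    }
}

function Get-InboundException {
    param([Parameter(Mandatory)][string]$Name)
    # Enabled inbound Allow rules are the exceptions to a default-Block profile.
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Allow -Enabled True |
        Where-Object { [string]$_.Profile -match "\b(Any|$Name)\b" } |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule = $_.DisplayName; Profile = [string]$_.Profile
                Protocol = $port.Protocol; LocalPort = $port.LocalPort -join ','
            }
        }
}

foreach ($profileName in $Baseline.Keys) {
    $drift = @(Get-ProfileDrift -Name $profileName -Expected $Baseline[$profileName])
    if ($drift.Count -eq 0) { "[$profileName] profile defaults match the baseline" }
    else { $drift | Format-Table -AutoSize }
    "[$profileName] enabled inbound Allow rules (exceptions to review):"
    Get-InboundException -Name $profileName | Sort-Object Rule | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session on the target; any inbound Allow rule listed for a profile whose default inbound action is Block is an open port that should correspond to a rule you intended to deploy.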

Windows XP and 2003 Server

If you want to configure the firewall on computers running Windows XP, ensure that Windows XP Service Pack 2 is installed on those computers.

You can choose the Action that needs to be performed on the firewall:

    1. Do not Modify : Will not impact the existing firewall settings, if any are configured
    2. ON: Will turn on the Firewall for the target computer
    3. OFF: Firewall will be turned off for the target computer

After specifying the Action on the firewall, you will have to specify the Action that needs to be performed on specific ports. You can choose one of the following actions for the ports:

    1. Do not Modify : Will not impact the existing settings, if any are configured
    2. Allow : All inbound/outbound connections will be allowed for the port that you choose. You will have to choose/add the port/protocol and specify the dependent services, if any.
    3. Block : All inbound/outbound connections will be blocked for the port that you choose. You will have to choose/add the port/protocol and specify the dependent services, if any.

You can then choose the target, specify the execution settings and deploy the configuration. You have successfully configured the firewall settings on computers running Windows XP.