
Configuring Windows Firewall

Configuring the firewall is one of the most significant tasks of a system administrator. A firewall plays a vital role in protecting data from attackers. In general, a firewall configuration can be described as a collection of profiles and rules. These profiles and rules are applied to a computer to determine whether inbound and outbound communication on the specified ports is permitted. Using Endpoint Central, you can create new configurations to deploy specific settings, or modify existing firewall settings that were not applied using our product.

Understanding Windows Firewall Profiles

Before we start creating a firewall configuration, let us look at Windows Firewall profiles. Every computer running a Windows operating system connects to the internet or network through a profile. There are three profiles for Windows computers:

  • Domain : This configuration is applied to computers that are part of the domain. Whenever such a computer reaches the internet or network, the restrictions applied on the computer's firewall take effect. This is the typical way computers operate in a business environment.
  • Private : In this category, the firewall restrictions are applied to a computer that is connected to a private network. A private network is one that is not connected or exposed directly to the internet. Private networks are configured so that a security device such as a NAT (Network Address Translation) device or a hardware firewall sits in front of the network. This creates an additional layer of security compared with the Domain profile. This type of firewall is configured in most enterprises in order to secure their corporate data.
  • Public : This profile has no security devices or restrictions between the computer and the internet. Typical examples of public networks are those found in airports, railway stations, coffee shops and so on. You need to ensure that the firewall is configured in the most secure way for this profile, since these networks generally do not provide any secured access to the internet.

Firewall Rules

Rules are settings that give the system administrator finer control. A rule is a policy that can be enforced on top of the profiles. For example, if you create a profile configuration for Domain that blocks all inbound communication, you can still create a rule that adds an exception to that profile and allows inbound communication on a specific port.

How to Configure Windows Firewall?

Our product supports configuring the firewall on computers running Windows XP and later versions. The Windows firewall configuration lets you deploy customized firewall settings with ease, so you can tune your Windows firewall settings to enhance security at your convenience.

Follow the steps below to configure the firewall, depending on the operating system:

  1. Windows Vista and later versions
  2. Windows XP and 2003 Server

Windows Vista and later versions

Choose the profile for which you want to configure the firewall: Domain, Private or Public. You can also create a generic firewall configuration for all the profiles by selecting All. After specifying the profile, choose the Action that needs to be performed on the firewall:

    1. Do not Modify: Does not change the existing firewall settings, if any are configured
    2. ON: Turns on the firewall on the target computer
    3. OFF: Turns off the firewall on the target computer

If you have chosen to turn on the firewall, you must specify the action for inbound and outbound communication separately.

Here are a few examples for your reference:

  1. Profile All - Applies to all three profiles: Domain, Private and Public
    Action on Inbound : Allow
    Action on Outbound : Block
    In this case, all inbound connections are allowed and all outbound connections are blocked by the firewall.
  2. Profile Domain - Applies to computers only when they are connected to a domain network
    Action on Inbound : Allow
    Action on Outbound : Block
    In this case, all inbound connections are allowed and all outbound connections are blocked by the firewall.
  3. Profile Public - Applies to computers only when they are connected to a public network
    Action on Inbound : Block
    Action on Outbound : Allow
    In this case, all inbound communication is blocked and outbound connections are allowed by the firewall while the computer is connected to a public network. However, if you have applied a specific rule that exempts inbound communication on a specific port, inbound communication is allowed only on that port.

Add Rules

When you create a rule, you must specify a name for the rule and the profile to which it should be applied: Domain, Public or Private. The group name lets you map multiple rules under one group.

Protocol Exceptions

A specific port number for one protocol, or for all protocols, can be added as an exception. To do so, specify the port number/protocol and the action to be performed for the exception.

You can create specific rules to exempt specific functions, such as inbound/outbound communication on specific ports.

Program Exceptions

You can also add a program as an exception. To do so, specify the path of the program to be excepted. You can also assign the path dynamically using the Assign Dynamic Variable option.

You can create one or more rules for the same profile.

You can choose the target, specify the execution settings and deploy the configuration. You have successfully configured the firewall settings on computers running Windows Vista and later versions.
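The following is an added example, not Endpoint Central's own code: it reproduces the Vista-and-later settings described above (profile Action, inbound/outbound defaults, a protocol exception and a program exception) with the built-in NetSecurity cmdlets, and then reads the result back so you can audit what the deployed configuration means on the endpoint. The rule names, group name, port 8443 and program path are assumptions; run it in an elevated PowerShell session on Windows 8 / Server 2012 or later.

```powershell
# Added example (not part of the Endpoint Central documentation).
# Mirrors example 3 above: Public profile, firewall ON, inbound Block, outbound Allow.
Set-NetFirewallProfile -Profile Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# "Do not Modify" for Domain and Private means exactly that: no cmdlet call is made for them.

# Protocol exception (see "Add Rules"): allow inbound TCP 8443 on the Public profile only.
# The port is an assumption; the group name lets related rules be found and removed together.
New-NetFirewallRule -DisplayName "Assumed - Allow app port inbound" -Group "Assumed Exceptions" `
    -Profile Public -Direction Inbound -Protocol TCP -LocalPort 8443 -Action Allow | Out-Null

# Program exception: allow one application regardless of port, Domain profile only.
# The path is a placeholder; Endpoint Central can fill it from a dynamic variable.
New-NetFirewallRule -DisplayName "Assumed - Allow example program" -Group "Assumed Exceptions" `
    -Profile Domain -Direction Inbound -Program "C:\Program Files\ExampleApp\app.exe" `
    -Action Allow | Out-Null

# Check 1: the per-profile defaults that the Action / Inbound / Outbound settings map to.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Check 2: the exception rules together with their port and program filters.
Get-NetFirewallRule -Group "Assumed Exceptions" | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $app  = $_ | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Profile   = $_.Profile
        Direction = $_.Direction
        Action    = $_.Action
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort
        Program   = $app.Program
    }
} | Format-Table -AutoSize
```

Check 1 is the quickest way to confirm on a target computer that a deployed configuration actually took effect, since a profile left on "Do not Modify" will show whatever was there before.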

Windows XP and 2003 Server

If you want to configure the firewall on computers running Windows XP, ensure that Windows XP Service Pack 2 is installed on those computers.

Choose the Action that needs to be performed on the firewall:

    1. Do not Modify: Does not change the existing firewall settings, if any are configured
    2. ON: Turns on the firewall on the target computer
    3. OFF: Turns off the firewall on the target computer

After specifying the Action on the firewall, you must specify the action to be performed on specific ports. Choose one of the following:

    1. Do not Modify: Does not change the existing settings, if any are configured
    2. Allow: All inbound/outbound connections are allowed on the port you choose. You must choose or add the port/protocol and specify the dependent services, if any.
    3. Block: All inbound/outbound connections are blocked on the port you choose. You must choose or add the port/protocol and specify the dependent services, if any.
    4. Port: Specify the port number. The port can also be selected from the list of available ports.

You can choose the target, specify the execution settings and deploy the configuration. You have successfully configured the firewall settings on computers running Windows XP.

Note: For proper communication between the agent and the Endpoint Central server, the dynamic ports in the ranges 1,025 - 5,000 and 49,152 - 65,535 should be kept open, as source ports are generated randomly. The new default start port and end port are 49,152 and 65,535 respectively.

For more information on changes to the default dynamic port range, refer to this Microsoft document.
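As an added check that is not part of this documentation, the snippet below reads the TCP dynamic port range actually in effect on a computer (with the built-in netsh command) and compares it with the two ranges named in the note above, so you can tell which range a firewall configuration needs to leave open on that computer. The range can be changed by an administrator, so this is worth checking before blocking ports.

```powershell
# Added check (not Endpoint Central code). Requires no elevation.
# netsh prints "Start Port : N" and "Number of Ports : M"; the range is N .. N+M-1.
$output = netsh int ipv4 show dynamicport tcp
$start  = [int](($output | Select-String 'Start Port\s*:\s*(\d+)').Matches[0].Groups[1].Value)
$count  = [int](($output | Select-String 'Number of Ports\s*:\s*(\d+)').Matches[0].Groups[1].Value)
$end    = $start + $count - 1

"Effective TCP dynamic port range on this computer: $start - $end"

# Compare with the two ranges the note above says must stay open.
if ($start -eq 49152 -and $end -eq 65535) {
    "This is the default range for Windows Vista and later."
}
elseif ($start -eq 1025 -and $end -eq 5000) {
    "This is the legacy range used by Windows XP / Server 2003."
}
else {
    "Custom range in use: make sure $start - $end is not covered by a Block rule."
}
```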