Configuring the firewall is one of the most significant tasks of a system administrator. A firewall plays a vital role in securing data from hackers. In general, a firewall configuration can be explained as a collection of profiles and rules. These profiles and rules are applied to a computer to determine the permissions for all inbound and outbound communication on specified ports. Using Endpoint Central, you can create new configurations to deploy specific settings or modify existing firewall settings that were not applied using our product.
Before we start creating a firewall configuration, let us learn more about Windows Firewall profiles. Every computer running the Windows operating system connects to the internet/network via profiles. There are three profiles for Windows computers: Domain, Private and Public.
Rules are settings that give the system administrator advanced control. A rule is a policy that can be enforced over the profiles. Assume you create a profile for Domain and specify that all inbound communication is blocked: you can still create a rule that adds an exception to that profile and allows inbound communication to a specific port.
Our product supports configuring the firewall for computers running Windows XP and later versions. Our Windows firewall configuration helps you deploy customized firewall settings with ease, so you can configure your Windows firewall settings and enhance security at your convenience.
Follow the steps mentioned below to configure the firewall:
You should choose the profile for which you want to configure the firewall, like Domain/Private/Public. You can also create a generic firewall configuration for all the profiles by selecting all. After specifying the profile, you will have to choose the Action that needs to be performed on the firewall, like,
If you have chosen to turn on the firewall, then you will have to specify the action for inbound and outbound communication separately.
Here are a few examples for your reference:
When you create a rule, you will have to specify a name for the rule and the profile to which the rule should be applied. It can be Domain/Public/Private. A group name allows you to map multiple rules under a group.
A specific port number for a protocol, or for all protocols, can be added as an exception. To do that, specify the port number/protocol and the action to be performed as the exception.
You can create specific rules to exclude specific functions, like inbound/outbound communication on specific ports.
You can also add a program as an exception. To do that, specify the path of the program to be added as an exception. You can also dynamically assign values here using the Assign Dynamic Variable option.
You can create one or more rules for the same profile.
You can choose the target, specify the execution settings and deploy the configuration. You have successfully configured the firewall settings on computers running Windows Vista and later versions.
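After deployment, the effective result can be checked on a target computer. The following read-only audit is an added example, not part of Endpoint Central or of the original page; it uses the built-in NetSecurity cmdlets (Windows 8 / Server 2012 and later), and the profile name and expected port are hypothetical values chosen for illustration.

```powershell
# Added example: read-only audit of the effective firewall state on one endpoint.
# Requires the NetSecurity module (Windows 8 / Server 2012 and later).
$ProfileName  = 'Domain'   # assumption: the profile the configuration targeted
$ExpectedPort = '8443'     # hypothetical port the deployed exception rule allows

# Effective profile settings. ActiveStore is the merged result of all policy sources.
$fw = Get-NetFirewallProfile -Name $ProfileName -PolicyStore ActiveStore
$fw | Format-List Name, Enabled, DefaultInboundAction, DefaultOutboundAction
if ("$($fw.Enabled)" -ne 'True' -or "$($fw.DefaultInboundAction)" -ne 'Block') {
    Write-Warning "$ProfileName profile is not enabled with inbound blocked by default."
}

# Enabled inbound allow rules (the exceptions) that apply to this profile.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Allow -Enabled True |
    Where-Object { "$($_.Profile)" -match "\b(Any|$ProfileName)\b" }

# Resolve each rule to the port and program it actually opens.
$report = foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Group     = $rule.DisplayGroup
        Protocol  = $port.Protocol
        LocalPort = @($port.LocalPort) -join ','
        Program   = $app.Program
    }
}
$report | Sort-Object Group, Rule | Format-Table -AutoSize

# Exceptions scoped to neither a port nor a program undo the default block.
$broad = $report | Where-Object { $_.LocalPort -eq 'Any' -and $_.Program -eq 'Any' }
if ($broad) {
    Write-Warning "Exceptions not limited to a port or program: $($broad.Rule -join '; ')"
}

# Confirm the intended exception is present (exact match only; port ranges are not expanded).
if (-not ($report | Where-Object { ($_.LocalPort -split ',') -contains $ExpectedPort })) {
    Write-Warning "No enabled inbound allow rule for port $ExpectedPort on $ProfileName."
}
```

Run it in an elevated PowerShell session on the target; it changes nothing and only reports what is in effect.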
If you want to configure the firewall on computers running Windows XP, ensure that Windows XP Service Pack 2 is installed on those computers.
You can choose the Action that needs to be performed on the firewall, like,
After specifying the Action on the firewall, you will have to specify the Action that needs to be performed on specific ports. You can choose the action that needs to be performed on the ports, like,
You can choose the target, specify the execution settings and deploy the configuration. You have successfully configured the firewall settings on computers running Windows XP.
Note: For proper communication between the agent and the Endpoint Central server, the dynamic ports in the ranges of 1,025 - 5,000 and 49,152 - 65,535 should be kept open, as source ports are randomly generated. The new default start port and default end port are 49,152 and 65,535 respectively.
For more information on changes to the default dynamic port range, refer to this Microsoft document.