Defining offline firewall rules
You can enable offline alerts that are sent when a specific offline firewall rule fires. Such alerts are enabled immediately after setting up an offline firewall rule.
DeviceLock sends alerts on the basis of alert settings. These settings specify where and how the alerts should be sent. Before enabling alerts for a specific firewall rule, alert settings must be configured in DeviceLock Service options (see Alerts).
To define an offline firewall rule
1. If using DeviceLock Management Console, do the following:
a) Open DeviceLock Management Console and connect it to the computer running DeviceLock Service.
b) In the console tree, expand DeviceLock Service.
If using DeviceLock Service Settings Editor, do the following:
a) Open DeviceLock Service Settings Editor.
b) In the console tree, expand DeviceLock Service.
If using DeviceLock Group Policy Manager, do the following:
a) Open Group Policy Object Editor.
b) In the console tree, expand Computer Configuration, and then expand DeviceLock.
2. Expand Protocols.
3. Under Protocols, do one of the following:
Right-click Basic IP Firewall, and then click Manage Offline.
- OR -
Select Basic IP Firewall, and then click Manage Offline on the toolbar.
The Basic IP Firewall (Offline) dialog box appears.
4. In the left pane of the Basic IP Firewall (Offline) dialog box, under Users, click Add.
The Select Users or Groups dialog box appears.
5. In the Select Users or Groups dialog box, in the Enter the object names to select box, type the names of the users or groups for which you want to define the firewall rule, and then click OK.
The users and groups that you added are displayed under Users in the left pane of the Basic IP Firewall (Offline) dialog box.
To delete a user or group, in the left pane of the Basic IP Firewall (Offline) dialog box, under Users, select the user or group, and then click Delete.
6. In the left pane of the Basic IP Firewall (Offline) dialog box, under Users, select the user or group.
You can select multiple users or groups by holding down the SHIFT key or the CTRL key while clicking them.
7. In the right pane of the Basic IP Firewall (Offline) dialog box, under Rules, click Add.
The Add Rule dialog box appears.
8. In the Add Rule dialog box, specify the firewall rule parameters:
To specify the rule name, in the Name box, type a name.
To block access to the hosts specified by the Hosts setting, select the Override Protocols Permissions check box. For more information, see the Override Protocols Permissions parameter description.
To specify the protocol, under Protocol, select the check box next to the protocol of your choice. For more information, see the Protocol parameter description.
To specify what actions the firewall takes for all connections that match the rule’s criteria, under Type, click either of the following options: Allow or Deny. For more information, see the Type parameter description.
To specify the direction of traffic to which the rule applies, under Direction, select the appropriate check box. For more information, see the Direction parameter description.
To specify additional actions to be performed when the rule triggers, under If this rule triggers, select the appropriate check box. For more information, see the If this rule triggers parameter description.
To specify the remote hosts to which the rule applies, in the Hosts box, type host names or IP addresses separated by a comma or semicolon. For more information, see the Hosts parameter description.
To specify the ports on remote hosts to which the rule applies, in the Ports box, type port numbers separated by a comma or semicolon. For more information, see the Ports parameter description.
9. Click OK.
The rule you created is displayed under Rules in the right pane of the Basic IP Firewall (Offline) dialog box.
10. Click OK or Apply.
The users or groups to which the firewall rule applies are displayed under Basic IP Firewall in the console tree.
When you select a user or group to which a firewall rule applies in the console tree, in the details pane you can view detailed information regarding this rule (see Firewall Rules).
You can define different online and offline firewall rules for the same user or set of users. For information about how to define online firewall rules, see Managing Basic IP Firewall.