Managing Basic IP Firewall
The IP Firewall provides control over network traffic that is not covered by recognized protocols or by the Protocols White List, thus increasing the security of network communication. It can be configured to track TCP/UDP packets, allowing only authorized traffic. It can also block any connections to specified hosts, regardless of the permissions configured for the protocols.
The IP Firewall uses a set of rules that either allow or block traffic over a network connection. Each rule specifies the criteria that a packet must match and the resulting action, either allow or deny, that is taken when a match is found. When a client computer attempts to connect to another computer, the firewall automatically checks all the incoming and outgoing traffic packets against your pre-configured rule set. At the first match, the firewall either allows or denies the packets.
By using firewall rules, you can allow only specific network connections, based on the direction of the traffic, protocol, remote host address, and destination ports. Hosts can be identified by IPv4 or IPv6 addresses.
There are two basic approaches when configuring the firewall:
You deny all traffic and create exceptions to explicitly allow a connection through the firewall.
You block access to specific hosts and/or ports.
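The following added example (a simplified model, not DeviceLock code) shows first-match evaluation for both approaches, and why the position of a catch-all deny rule matters. The Rule fields, the use of list order as rule order, and the sample addresses (documentation ranges) are assumptions made for illustration; the function returns None when no rule matches, because the outcome in that case depends on product configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str          # "in", "out" or "any"
    protocol: str           # "tcp", "udp" or "any"
    remote: str             # remote host(s) as a CIDR network, IPv4 or IPv6
    ports: Optional[range]  # destination ports; None means any port

    def matches(self, direction, protocol, remote_ip, port):
        net = ipaddress.ip_network(self.remote)
        ip = ipaddress.ip_address(remote_ip)
        return (self.direction in ("any", direction)
                and self.protocol in ("any", protocol)
                # An IPv4 rule never matches an IPv6 address, and vice versa.
                and ip.version == net.version and ip in net
                and (self.ports is None or port in self.ports))

def evaluate(rules, direction, protocol, remote_ip, port):
    """Return the action of the first matching rule, or None if none match."""
    for rule in rules:
        if rule.matches(direction, protocol, remote_ip, port):
            return rule.action
    return None

ANY4, ANY6 = "0.0.0.0/0", "::/0"

# Approach 1: explicit exceptions first, then deny everything else.
ALLOWLIST = [
    Rule("allow", "out", "tcp", "192.0.2.10/32", range(443, 444)),
    Rule("allow", "out", "udp", "2001:db8::/32", range(53, 54)),
    Rule("deny", "any", "any", ANY4, None),
    Rule("deny", "any", "any", ANY6, None),
]
# Same rules with the catch-all denies first: the exceptions are never reached.
MISORDERED = ALLOWLIST[2:] + ALLOWLIST[:2]

# Approach 2: block only specific hosts and/or ports.
BLOCKLIST = [
    Rule("deny", "out", "any", "198.51.100.0/24", None),
    Rule("deny", "out", "tcp", ANY4, range(23, 24)),
]
```

Note that the IPv4-only port rule in BLOCKLIST does not cover the same port over IPv6; a rule set that identifies hosts by address family needs an entry for each family.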
Under the Protocols > Basic IP Firewall node in the console tree you can see a list of users and groups that have firewall rules specified. Rules can be specified individually for every user or group.
The shortcut menu of the basic IP firewall provides the following commands:
Delete User - Deletes all firewall rules for a given user or group.
Manage - Opens a dialog box where you can set or change the online (regular) firewall rules.
Manage Offline - Opens a dialog box where you can set or change the offline firewall rules.
Load - Loads previously saved regular firewall rules from an external file.
Load Offline - Loads previously saved offline firewall rules from an external file.
Save - Saves the regular firewall rules to an external file.
Save Offline - Saves the offline firewall rules to an external file.
Undefine - Resets all the regular firewall rules to the unconfigured state. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.
Undefine Offline - Resets all the offline firewall rules to the unconfigured state. If the offline firewall rules are undefined, the regular firewall rules are applied to offline client computers.
Remove Offline - Blocks the inheritance of the offline firewall rules and enforces the regular firewall rules. Available only in DeviceLock Group Policy Manager and DeviceLock Service Settings Editor.
For further details, see Firewall Management Tasks.