Click ‘Configuration Templates’ > ‘Profiles’ > click the name of a Windows profile > 'Add Profile Section' > 'Firewall'
The CCS firewall analyzes every packet of data in and out of an endpoint using a combination of Application and Global Rules.
Application Rules - Determine the network access privileges of individual applications or specific types of applications at the endpoint.
Global Rules - Rules that apply to all traffic flowing in and out of the endpoint.
For Outgoing connection attempts, the application rules are consulted first and then the global rules second.
For Incoming connection attempts, the global rules are consulted first and then the application rules second.
Therefore, outgoing traffic has to 'pass' the application rule and then any global rules before it is allowed out of your system. Similarly, incoming traffic has to 'pass' any global rules first and then any application-specific rules that apply to the packet.
Global Rules are mainly, but not exclusively, used to filter incoming traffic for protocols other than TCP or UDP.
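The evaluation order described above, modeled in Python as an added example (not Xcitium or CCS code). The rule sets and application names are constructed, and two behaviors are assumptions of this model rather than statements from the article: the first matching rule in a list decides, and traffic that matches no rule in a list continues to the next stage.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" or "out"
    protocol: str                   # "TCP", "UDP", "ICMP", ...
    port: Optional[int] = None      # destination port; None for ICMP
    app: Optional[str] = None       # application on the endpoint

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str
    protocol: str
    ports: range = range(0, 65536)  # "Any" port, 0-65535
    app: Optional[str] = None       # None = global rule

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.protocol == p.protocol
                and (p.port is None or p.port in self.ports)
                and (self.app is None or self.app == p.app))

def stage_verdict(rules, pkt):
    # Assumption: first matching rule wins; no match lets the packet continue.
    return next((r.action for r in rules if r.matches(pkt)), "allow")

def evaluate(pkt, app_rules, global_rules):
    """Return (verdict, trace) using the order the article describes."""
    stages = [("application", app_rules), ("global", global_rules)]
    if pkt.direction == "in":       # incoming: global rules first
        stages.reverse()
    trace = []
    for name, rules in stages:
        verdict = stage_verdict(rules, pkt)
        trace.append((name, verdict))
        if verdict == "block":      # traffic must pass both stages
            return "block", trace
    return "allow", trace

# Constructed sample rule sets (not Xcitium's predefined rules).
APP_RULES = [Rule("allow", "out", "TCP", range(443, 444), "browser.exe"),
             Rule("allow", "out", "TCP", range(25, 26), "mailer.exe")]
GLOBAL_RULES = [Rule("block", "in", "ICMP"),
                Rule("block", "out", "TCP", range(25, 26))]

if __name__ == "__main__":
    for pkt in (Packet("out", "TCP", 443, "browser.exe"),
                Packet("out", "TCP", 25, "mailer.exe"),
                Packet("in", "ICMP")):
        print(pkt, "->", evaluate(pkt, APP_RULES, GLOBAL_RULES))
```

The second packet shows why global rules matter for outgoing traffic: an application rule that allows the connection does not help if a global rule blocks it afterwards.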
This article explains how to add global rules to the firewall section of a profile.
See 'How to configure internet access rights for applications via Endpoint Manager' for help to create application rules.
See 'Firewall Rules Explained' at the end of 'How to create a custom firewall rule set in a Windows profile' to read more about the construction of a rule.
Configure global firewall rules
Log in to Xcitium
Click 'Applications' > 'Endpoint Manager'
Click ‘Configuration Templates’ > ‘Profiles’
Open the Windows profile applied to your target devices
Open the 'Firewall' tab if it has already been added to the profile
Click 'Add Profile Section' > 'Firewall' if it hasn't yet been added
Open the 'Global Rules' tab
EM ships with a set of predefined global rules.
Click 'Add' to create a new rule
You configure firewall rules by defining the target traffic, and the action you want to take on that traffic.
Traffic conditions include protocol, direction, source and destination address, and source/destination port.
If you are unsure about the settings in this area, we advise you to first gain some background knowledge by reading 'Firewall Rules Explained' in the page 'How to create a custom firewall rule set in a Windows profile'.
i. 'TCP', 'UDP' or 'TCP or UDP'
If you select 'TCP', 'UDP' or 'TCP or UDP' as the protocol, then you also have to set the source and destination:
Source and Destination Ports
A port range - Specify a set of ports covered by a range.
Enter the first port number and last port number in the respective fields.
A set of ports - Choose a predefined Port Set. Predefined port sets are created and managed under the 'Port Sets' tab in the firewall section of a profile. See this wiki if you want more details on creating and managing port sets.
A single port - Specify one port number.
Enter the single port number in the 'Port' drop-down combo-box.
Any - Apply the rule to any port number. This is the default setting, 0-65535.
ICMP (Internet Control Message Protocol) packets contain error and control information to announce network errors, congestion, timeouts, and to assist in troubleshooting. It is mainly used for traces and pings. Pinging is frequently used to perform a quick test before initiating communications.
If you select 'ICMP' as the protocol, then you also have to set the source and destination addresses and ICMP details. The source and destination addresses can be configured as explained above.
If you select 'IP' as the protocol, then you also have to set the source and destination addresses and IP details. The source and destination addresses can be configured as explained above.
IP Protocol - Select the type of IP protocol
Click OK in the 'Firewall Rule' dialog to add the rule to the ruleset
Repeat the process to add more firewall rules.
The rules are added to the list.
Click 'Save' in the 'Firewall' pane for your rules to take effect on the endpoints to which the profile is applied.