Rules
In this section you can configure the application network access and data traffic rules enforced by the firewall.
Note that available settings apply only to the Home/Office and Public profiles.
Settings
You can configure the following settings:
Protection level
The selected protection level defines the firewall decision-making logic used when applications request access to network and Internet services.
The following options are available:
Ruleset and allow
Apply existing firewall rules and automatically allow all other connection attempts.
For each new connection attempt, a rule is created and added to the ruleset.
Ruleset and ask
Apply existing firewall rules and prompt the user for action for all other connection attempts.
An alert window with detailed information about the unknown connection attempt is displayed on the user's screen.
For each new connection attempt, a rule is created and added to the ruleset.
Ruleset and deny
Apply existing firewall rules and automatically deny all other connection attempts.
For each new connection attempt, a rule is created and added to the ruleset.
Ruleset, known files and allow
Apply existing firewall rules, automatically allow connection attempts made by known applications and automatically allow all other unknown connection attempts.
For each new connection attempt, a rule is created and added to the ruleset.
Ruleset, known files and ask
Apply existing firewall rules, automatically allow connection attempts made by known applications and prompt the user for action for all other unknown connection attempts.
An alert window with detailed information about the unknown connection attempt is displayed on the user's screen.
For each new connection attempt, a rule is created and added to the ruleset.
Ruleset, known files and deny
Apply existing firewall rules, automatically allow connection attempts made by known applications and automatically deny all other unknown connection attempts.
For each new connection attempt, the default action is taken. If aggressive rule generation (the Create aggressive rules option) is enabled, a rule is also created and added to the ruleset, so the firewall can decide faster the next time the same traffic is detected.
Note
Known files represent a large collection of safe, trustworthy applications, which is compiled and continuously maintained by Bitdefender.
Automatically created rules exist only on the endpoint; they are not added to the policy configuration in the GravityZone console.
Create aggressive rules
With this option selected, the firewall will create rules for each different process that opens the application requesting network or Internet access.
Note
Rules created this way match on the application's MD5 hash and command line, which makes them more precise than rules based on the application path alone.
Create rules for applications blocked by IDS
With this option selected, the firewall will automatically create a Deny rule each time the Intrusion Detection System blocks an application.
Monitor process changes
Select this option to check whether each application attempting to connect to the Internet has changed since the rule controlling its Internet access was added.
If the application has been changed, a new rule will be created according to the existing protection level.
Note
Usually, applications are changed by updates.
However, they might also be modified by malware seeking to infect the local computer and other computers in the network.
Signed applications are supposed to be trusted and have a higher degree of security.
You can select Ignore signed processes to automatically allow changed signed applications to connect to the Internet.
Rules
The Rules table lists the existing firewall rules, providing important information on each of them:
Rule name or application it refers to.
Protocol the rule applies to.
Rule action (allow or deny packets).
Actions you can take on the rule.
Rule priority.
Note
These are the firewall rules explicitly enforced by the policy.
Additional rules may be configured on computers as a result of applying firewall settings.
A number of default firewall rules help you easily allow or deny popular traffic types.
Choose the desired option from the Permission menu.
Incoming ICMP / ICMPv6
Allow or deny ICMP / ICMPv6 messages.
By default, this type of traffic is allowed.
Incoming Remote Desktop Connections
Allow or deny other computers' access over Remote Desktop Connections.
By default, this type of traffic is allowed.
Sending Emails
Allow or deny sending emails over SMTP.
By default, this type of traffic is allowed.
Web Browsing HTTP
Allow or deny HTTP web browsing.
By default, this type of traffic is allowed.
Network Printing
Allow or deny access to printers in another local area network.
By default, this type of traffic is denied.
Windows Explorer traffic on HTTP / FTP
Allow or deny HTTP and FTP traffic from Windows Explorer.
By default, this type of traffic is denied.
Besides the default rules, you can create additional firewall rules for other applications installed on endpoints.
This configuration, however, is intended for administrators with strong networking skills.
To create and configure a new rule, click the Add button at the upper side of the table.
Refer to the following topic for more information.
To remove a rule from the list, select it and click the Delete button at the upper side of the table.
Note
You can neither delete nor modify the default firewall rules.
Configuring custom rules
You can configure two types of firewall rules:
Application-based rules
Such rules apply to specific software found on the client computers.
Connection-based rules
Such rules apply to any application or service that uses a specific connection.
To create and configure a new rule, click the Add button at the upper side of the table and select the desired rule type from the menu.
To edit an existing rule, click the rule name.
The following settings can be configured:
Rule name
Enter the name under which the rule will be listed in the rules table (for example, the name of the application the rule applies to).
Application path (only for application-based rules).
You must specify the path to the application executable file on the target computers.
Choose from the menu a predefined location and complete the path as needed.
For example, for an application installed in the Program Files folder, select %ProgramFiles% and complete the path by adding a backslash (\) and the name of the application. Alternatively, enter the full path in the edit field.
It is advisable to use system variables (where appropriate) to make sure the path is valid on all target computers.
Command line (only for application-based rules).
If you want the rule to apply only when the specified application is opened with a specific command in the Windows command line interface, type the respective command in the edit field. Otherwise, leave it blank.
Application MD5 (only for application-based rules).
If you want the rule to check the application's file data integrity based on its MD5 hash code, enter it in the edit field. Otherwise, leave the field blank.
Local Address
Specify the local IP address and port the rule applies to.
Note
You may need to allow one or more rules and protocols for network connectivity in a segmented network, depending on the services you provide. Visit Common Firewall rules on Windows Servers for more information on this topic.
If you have more than one network adapter, you can clear the Any check box and type a specific IP address.
Likewise, to filter connections on a specific port or port range, clear the Any check box and enter the desired port or port range in the corresponding field.
Remote Address
Specify the remote IP address and port the rule applies to.
To filter the traffic to and from a specific computer, clear the Any check box and type its IP address.
Apply rule only for directly connected computers
You can filter access based on MAC address.
Protocol
Select the IP protocol the rule applies to.
If you want the rule to apply to all protocols, select Any.
If you want the rule to apply to TCP, select TCP.
If you want the rule to apply to UDP, select UDP.
If you want the rule to apply to a specific protocol, select that protocol from the Other menu.
Note
IP protocol numbers are assigned by the Internet Assigned Numbers Authority (IANA).
You can find the complete list of assigned IP protocol numbers at http://www.iana.org/assignments/protocol-numbers.
Direction
Select the traffic direction the rule applies to.
Direction | Description
---|---
Outbound | The rule applies only to outgoing traffic.
Inbound | The rule applies only to incoming traffic.
Both | The rule applies in both directions.
IP version
Select the IP version (IPv4, IPv6 or any) the rule applies to.
Network
Select the type of network the rule applies to.
Permission
Select one of the available permissions:
Permission | Description
---|---
Allow | The specified application will be allowed network / Internet access under the specified circumstances.
Deny | The specified application will be denied network / Internet access under the specified circumstances.
Click Save to add the rule.
For the rules you created, use the arrows at the right side of the table to set each rule's priority. The rule with the higher priority is closer to the top of the list.
Importing and exporting rules
You can export and import firewall rules to use them in other policies or companies. To export rules:
Click Export at the upper side of the rules table.
Save the CSV file to your computer. Depending on your browser settings, the file may download automatically, or you will be asked to save it to a location.
Important
Each row in the CSV file corresponds to a single rule and has multiple fields.
The position of firewall rules in the CSV file determines their priority. You can change the priority of a rule by moving the entire row.
You can import up to 10,000 rules into your firewall configuration.
For the default set of rules, you can modify only the following elements:
Priority: Set the priority of the rule in any order you wish by moving the CSV row.
Permission: Modify the setPermission field using the available permissions:
1 for Allow
2 for Deny
Any other adjustments are discarded at import.
For custom firewall rules, all field values are configurable as follows:
Field | Name and Value
---|---
ruleType | Rule type:
type | The value for this field is optional.
details.name | Rule name
details.applicationPath | Application path (only for application-based rules)
details.commandLine | Command line (only for application-based rules)
details.applicationMd5 | Application MD5 (only for application-based rules)
settings.protocol | Protocol:
settings.customProtocol | Required only if Protocol is set to Other. For specific values, consider this page. The values 0, 4, 6, 41, 61, 63, 68, 99, 114, 124, 34-37, 141-143 are not supported.
settings.direction | Direction:
settings.ipVersion | IP version:
settings.localAddress.any | Local Address is set to Any:
settings.localAddress.ipMask | Local Address is set to IP or IP/Mask
settings.remoteAddress.portRange | Remote Address is set to Port or port range
settings.directlyConnected.enable | Apply rule only for directly connected computers:
settings.directlyConnected.remoteMac | Apply rule only for directly connected computers with MAC address filter.
permission.home | The Network to which the rule applies is Home/Office:
permission.public | The Network to which the rule applies is Public:
permission.setPermission | Available permissions: 1 for Allow, 2 for Deny
To import rules:
Click Import at the upper side of the Rules table.
In the new window, click Add and select the CSV file.
Click Save. The table is populated with the valid rules.
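Because rows that violate the import constraints above are silently dropped or their adjustments discarded, it helps to lint the CSV before uploading it. The following is an added example, not Bitdefender code; it assumes the CSV header uses the field names from the table (for example settings.customProtocol and permission.setPermission) and checks the limits the documentation states: the 10,000-rule cap, the 1/2 permission codes, the unsupported IP protocol numbers and the MD5 field format.

```python
"""Pre-import lint for a GravityZone firewall-rules CSV (added example,
not Bitdefender code). Assumes the header uses the field names from the
documentation table, e.g. 'settings.customProtocol' and
'permission.setPermission'; rename the keys if a real export differs."""
import csv
import io
import re

MAX_RULES = 10_000            # import limit stated in the documentation
ALLOW, DENY = "1", "2"        # permission.setPermission codes
# IP protocol numbers the import does not accept for settings.customProtocol
UNSUPPORTED_PROTOCOLS = {0, 4, 6, 41, 61, 63, 68, 99, 114, 124,
                         *range(34, 38), *range(141, 144)}
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample: row order is the priority the import will apply.
SAMPLE_CSV = """\
details.name,details.applicationPath,details.applicationMd5,settings.customProtocol,permission.setPermission
Browser HTTP,%ProgramFiles%\\browser\\browser.exe,,,1
Block GRE,,,47,2
Bad protocol,,,6,2
Bad hash,%ProgramFiles%\\app\\app.exe,notahash,,3
"""


def lint_rules(csv_text):
    """Return (data_row_number, message) findings; an empty list means clean.
    Row number 0 marks findings about the file as a whole."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    if len(rows) > MAX_RULES:
        findings.append((0, f"{len(rows)} rules exceed the {MAX_RULES} limit"))
    for n, row in enumerate(rows, 1):
        perm = (row.get("permission.setPermission") or "").strip()
        if perm not in (ALLOW, DENY):
            findings.append((n, f"permission.setPermission must be 1 or 2, got {perm!r}"))
        proto = (row.get("settings.customProtocol") or "").strip()
        if proto and (not proto.isdigit() or int(proto) > 255
                      or int(proto) in UNSUPPORTED_PROTOCOLS):
            findings.append((n, f"unsupported IP protocol number {proto}"))
        # Format check only: an MD5 pins a file identity, it is not a signature.
        md5 = (row.get("details.applicationMd5") or "").strip()
        if md5 and not MD5_RE.match(md5):
            findings.append((n, "details.applicationMd5 is not 32 hex digits"))
    return findings


if __name__ == "__main__":
    for row_no, msg in lint_rules(SAMPLE_CSV):
        print(f"row {row_no}: {msg}")
```

Run against the sample, the linter flags row 3 (protocol 6 is TCP, which must be selected directly rather than via Other) and row 4 twice (invalid permission code and malformed MD5); rows 1 and 2 pass.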