
Rules

In this section you can configure the application network access and data traffic rules enforced by the firewall.

Note that available settings apply only to the Home/Office and Public profiles.

[Screenshot: policies_firewall_rules_cp_48226_en.png]

Settings

You can configure the following settings:

  • Protection level

    The selected protection level defines the firewall decision-making logic used when applications request access to network and Internet services.

    The following options are available:

    • Ruleset and allow

      Apply existing firewall rules and automatically allow all other connection attempts.

      For each new connection attempt, a rule is created and added to the ruleset.

    • Ruleset and ask

      Apply existing firewall rules and prompt the user for action for all other connection attempts.

      An alert window with detailed information about the unknown connection attempt is displayed on the user's screen.

      For each new connection attempt, a rule is created and added to the ruleset.

    • Ruleset and deny

      Apply existing firewall rules and automatically deny all other connection attempts.

      For each new connection attempt, a rule is created and added to the ruleset.

    • Ruleset, known files and allow

      Apply existing firewall rules, automatically allow connection attempts made by known applications and automatically allow all other unknown connection attempts.

      For each new connection attempt, a rule is created and added to the ruleset.

    • Ruleset, known files and ask

      Apply existing firewall rules, automatically allow connection attempts made by known applications and prompt the user for action for all other unknown connection attempts.

      An alert window with detailed information about the unknown connection attempt is displayed on the user's screen.

      For each new connection attempt, a rule is created and added to the ruleset.

    • Ruleset, known files and deny

      Apply existing firewall rules, automatically allow connection attempts made by known applications and automatically deny all other unknown connection attempts.

      For each new connection attempt, the default action is taken. If aggressive rule generation is enabled, a rule is also created and added to the ruleset, so that the firewall can decide more efficiently the next time the same traffic is detected.

    Note

    Known files represent a large collection of safe, trustworthy applications, which is compiled and continuously maintained by Bitdefender.

    The automated rules pertain exclusively to the endpoint and do not apply to the policy configurations of the GravityZone console.

    Important

    Changing the protection level may affect the notification settings and the silent mode in the General section of the policy.

  • Create aggressive rules

    With this option selected, the firewall will create rules for each different process that opens the application requesting network or Internet access.

    Note

    Rules generated this way match on the application's MD5 hash and command line, which makes them more precise than rules that match on the application path alone.

  • Create rules for applications blocked by IDS

    With this option selected, the firewall will automatically create a Deny rule each time the Intrusion Detection System blocks an application.

  • Monitor process changes

    Select this option to check, for each application attempting to connect to the Internet, whether it has been changed since the rule controlling its Internet access was added.

    If the application has been changed, a new rule will be created according to the existing protection level.

    Note

    Usually, applications are changed by updates.

    There is, however, a risk that they have been changed by malware, with the purpose of infecting the local computer and other computers in the network.

    Signed applications are generally trusted and offer a higher degree of assurance.

    You can select Ignore signed processes to automatically allow changed signed applications to connect to the Internet.
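The following is an added, executable model of the protection levels and of the Create aggressive rules, Monitor process changes and Ignore signed processes options described above. It is not Bitdefender code: the Rule and Request structures, the known_files set (a stand-in for the known files collection, keyed by MD5 here) and the user_answer parameter (a stand-in for the alert window) are assumptions made so that the documented decision logic can be run and inspected.

```python
"""Model of the firewall decision logic described in the Settings section.

Added example, not Bitdefender code. Rule, Request, the known_files set and
the user_answer parameter are assumptions used to make the documented
behaviour executable.
"""
from dataclasses import dataclass, field

ALLOW, DENY, ASK = "Allow", "Deny", "Ask"

# Protection level -> (consult known files?, action for attempts no rule matches)
LEVELS = {
    "Ruleset and allow": (False, ALLOW),
    "Ruleset and ask": (False, ASK),
    "Ruleset and deny": (False, DENY),
    "Ruleset, known files and allow": (True, ALLOW),
    "Ruleset, known files and ask": (True, ASK),
    "Ruleset, known files and deny": (True, DENY),
}


@dataclass
class Rule:
    app_path: str
    permission: str        # ALLOW or DENY
    app_md5: str           # hash of the application when the rule was created
    command_line: str = ""
    strict: bool = False   # aggressive rule: MD5 and command line must also match


@dataclass
class Request:
    app_path: str
    app_md5: str
    command_line: str = ""
    signed: bool = False


@dataclass
class Firewall:
    level: str
    known_files: set = field(default_factory=set)   # stand-in for the known files list
    aggressive: bool = False
    monitor_changes: bool = False
    ignore_signed: bool = False
    rules: list = field(default_factory=list)       # index 0 = highest priority

    def _add_rule(self, req: Request, permission: str) -> None:
        # Aggressive rules pin the MD5 and command line; plain rules match on path only
        self.rules.append(Rule(req.app_path, permission, req.app_md5,
                               req.command_line, strict=self.aggressive))

    def decide(self, req: Request, user_answer: str = DENY) -> str:
        """Return Allow or Deny for one connection attempt, creating rules as documented."""
        use_known, default_action = LEVELS[self.level]

        # 1. Existing rules, highest priority first
        for rule in self.rules:
            if rule.app_path != req.app_path:
                continue
            if rule.strict and (rule.app_md5, rule.command_line) != (req.app_md5, req.command_line):
                continue        # aggressive rule covers a different process instance
            if self.monitor_changes and rule.app_md5 != req.app_md5:
                # The application changed since the rule was added
                if self.ignore_signed and req.signed:
                    return ALLOW
                break           # treat as new: fall through to the protection level
            return rule.permission

        # 2. Known files, consulted only at the "known files" levels
        if use_known and req.app_md5 in self.known_files:
            action = ALLOW
        else:
            # 3. Default action of the level; ASK is resolved by the user's answer
            action = user_answer if default_action == ASK else default_action

        # "Ruleset, known files and deny" records a rule only when aggressive rules are on;
        # every other level records a rule for each new attempt
        if self.aggressive or not (use_known and default_action == DENY):
            self._add_rule(req, action)
        return action


if __name__ == "__main__":
    fw = Firewall("Ruleset, known files and deny", known_files={"md5-of-known-app"})
    print(fw.decide(Request(r"%ProgramFiles%\Known\known.exe", "md5-of-known-app")))
    print(fw.decide(Request(r"C:\Temp\unknown.exe", "md5-of-unknown-app")), len(fw.rules))
```

Running the script shows a known application allowed and an unknown one denied at the strictest level, with no rule recorded because aggressive rules are off.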

Rules

The Rules table lists the existing firewall rules, providing important information on each of them:

  • Rule name or application it refers to.

  • Protocol the rule applies to.

  • Rule action (allow or deny packets).

  • Actions you can take on the rule.

  • Rule priority.

Note

These are the firewall rules explicitly enforced by the policy.

Additional rules may be configured on computers as a result of applying firewall settings.

A number of default firewall rules help you easily allow or deny popular traffic types.

Choose the desired option from the Permission menu.

  • Incoming ICMP / ICMPv6

    Allow or deny ICMP / ICMPv6 messages.

    By default, this type of traffic is allowed.

  • Incoming Remote Desktop Connections

    Allow or deny other computers' access over Remote Desktop Connections.

    By default, this type of traffic is allowed.

  • Sending Emails

    Allow or deny sending emails over SMTP.

    By default, this type of traffic is allowed.

  • Web Browsing HTTP

    Allow or deny HTTP web browsing.

    By default, this type of traffic is allowed.

  • Network Printing

    Allow or deny access to printers in another local area network.

    By default, this type of traffic is denied.

  • Windows Explorer traffic on HTTP / FTP

    Allow or deny HTTP and FTP traffic from Windows Explorer.

    By default, this type of traffic is denied.

Besides the default rules, you can create additional firewall rules for other applications installed on endpoints.

This configuration, however, is reserved for administrators with strong networking skills.

To create and configure a new rule, click the Add button at the upper side of the table.

Refer to the following topic for more information.

To remove a rule from the list, select it and click the Delete button at the upper side of the table.

Note

You can neither delete nor modify the default firewall rules.

Configuring custom rules

You can configure two types of firewall rules:

  • Application-based rules

    Such rules apply to specific software found on the client computers.

  • Connection-based rules

    Such rules apply to any application or service that uses a specific connection.

To create and configure a new rule, click the Add button at the upper side of the table and select the desired rule type from the menu.

To edit an existing rule, click the rule name.

The following settings can be configured:

  • Rule name

    Enter the name under which the rule will be listed in the rules table (for example, the name of the application the rule applies to).

  • Application path (only for application-based rules)

    You must specify the path to the application executable file on the target computers.

    • Choose from the menu a predefined location and complete the path as needed.

      For example, for an application installed in the Program Files folder, select %ProgramFiles% and complete the path by adding a backslash (\) and the name of the application.

    • Enter the full path in the edit field.

      It is advisable to use system variables (where appropriate) to make sure the path is valid on all target computers.

  • Command line (only for application-based rules)

    If you want the rule to apply only when the specified application is opened with a specific command in the Windows command line interface, type the respective command in the edit field. Otherwise, leave it blank.

  • Application MD5 (only for application-based rules)

    If you want the rule to check the application's file data integrity based on its MD5 hash code, enter it in the edit field. Otherwise, leave the field blank.

  • Local address

    Specify the local IP address and port the rule applies to.

    Note

    You may need to allow one or more rules and protocols for network connectivity in a segmented network, depending on the services you provide. Visit Common Firewall rules on Windows Servers for more information on this topic.

    If you have more than one network adapter, you can clear the Any checkbox and type a specific IP address.

    Likewise, to filter connections on a specific port or port range, clear the Any checkbox and enter the desired port or port range in the corresponding field.

  • Remote address

    Specify the remote IP address and port the rule applies to.

    To filter the traffic to and from a specific computer, clear the Any checkbox and type its IP address.

  • Apply rule only for directly connected computers

    Select this option to filter access based on the MAC address of directly connected computers.

  • Protocol

    Select the IP protocol the rule applies to.

    • If you want the rule to apply to all protocols, select Any.

    • If you want the rule to apply to TCP, select TCP.

    • If you want the rule to apply to UDP, select UDP.

    • If you want the rule to apply to a specific protocol, select that protocol from the Other menu.

      Note

      IP protocol numbers are assigned by the Internet Assigned Numbers Authority (IANA).

      You can find the complete list of assigned IP protocol numbers at http://www.iana.org/assignments/protocol-numbers.

  • Direction

    Select the traffic direction the rule applies to.

    Direction   Description
    Outbound    The rule applies only to outgoing traffic.
    Inbound     The rule applies only to incoming traffic.
    Both        The rule applies in both directions.

  • IP version

    Select the IP version (IPv4, IPv6 or any) the rule applies to.

  • Network

    Select the type of network the rule applies to.

  • Permission

    Select one of the available permissions:

    Permission   Description
    Allow        The specified application will be allowed network / Internet access under the specified circumstances.
    Deny         The specified application will be denied network / Internet access under the specified circumstances.

Click Save to add the rule.

For the rules you created, use the arrows at the right side of the table to set each rule priority. The rule with higher priority is closer to the top of the list.

Importing and exporting rules

You can export and import firewall rules to use them in other policies or companies. To export rules:

  1. Click Export at the upper side of the rules table.

  2. Save the CSV file to your computer. Depending on your browser settings, the file may download automatically, or you will be asked to save it to a location.

Important

  • Each row in the CSV file corresponds to a single rule and has multiple fields.

  • The position of firewall rules in the CSV file determines their priority. You can change the priority of a rule by moving the entire row.

  • You can import up to 10,000 rules in your firewall configuration.

For the default set of rules, you can modify only the following elements:

  • Priority: Set the priority of the rule in any order you wish by moving the CSV row.

  • Permission: Modify the permission.setPermission field using the available permissions:

    • 1 for Allow

    • 2 for Deny

Any other adjustments are discarded at import.

For custom firewall rules, all field values are configurable as follows:

Each field, with its name and accepted values:

ruleType
    Rule type:
      • 1 for Application rule
      • 2 for Connection rule

type
    The value for this field is optional.

details.name
    Rule name

details.applicationPath
    Application path (only for application-based rules)

details.commandLine
    Command line (only for application-based rules)

details.applicationMd5
    Application MD5 (only for application-based rules)

settings.protocol
    Protocol:
      • 1 for Any
      • 2 for TCP
      • 3 for UDP
      • 4 for Other

settings.customProtocol
    Required only if Protocol is set to Other.
    For the specific values, refer to this page. The values 0, 4, 6, 41, 61, 63, 68, 99, 114, 124, 34-37 and 141-143 are not supported.

settings.direction
    Direction:
      • 1 for Both
      • 2 for Inbound
      • 3 for Outbound

settings.ipVersion
    IP version:
      • 1 for Any
      • 2 for IPv4
      • 3 for IPv6

settings.localAddress.any
    Local address is set to Any:
      • 1 for True
      • 0 or empty for False

settings.localAddress.ipMask
    Local address is set to an IP or IP/mask

settings.remoteAddress.portRange
    Remote address is set to a port or port range

settings.directlyConnected.enable
    Apply rule only for directly connected computers:
      • 1 for Enabled
      • 0 or empty for Disabled

settings.directlyConnected.remoteMac
    Apply rule only for directly connected computers with the given MAC address filter.

permission.home
    The network to which the rule applies is Home/Office:
      • 1 for True
      • 0 or empty for False

permission.public
    The network to which the rule applies is Public:
      • 1 for True
      • 0 or empty for False

permission.setPermission
    Available permissions:
      • 1 for Allow
      • 2 for Deny

To import rules:

  1. Click Import at the upper side of the Rules table.

  2. In the new window, click Browse and select the CSV file.

  3. Click Import. The table is populated with the valid rules.
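The following added example writes and checks a rules CSV in the layout described in the field table above, so that a file can be validated before it is imported. It is not GravityZone code: it assumes a header row that uses the field names from the table, in the order listed there, and applies only the constraints the table states (the enumerated values, the customProtocol requirement and its unsupported numbers, row order as priority, and the 10,000-rule limit). The sample rows are constructed for this example.

```python
"""Writer and validator for the firewall rule CSV layout described above.

Added example, not Bitdefender/GravityZone code. The header row (field names
in the documented order) is an assumption; the sample rules are constructed.
"""
import csv
import io

FIELDS = [
    "ruleType", "type", "details.name", "details.applicationPath",
    "details.commandLine", "details.applicationMd5", "settings.protocol",
    "settings.customProtocol", "settings.direction", "settings.ipVersion",
    "settings.localAddress.any", "settings.localAddress.ipMask",
    "settings.remoteAddress.portRange", "settings.directlyConnected.enable",
    "settings.directlyConnected.remoteMac", "permission.home",
    "permission.public", "permission.setPermission",
]
MAX_RULES = 10000
ENUMS = {                                  # documented numeric codes
    "ruleType": {"1", "2"},
    "settings.protocol": {"1", "2", "3", "4"},
    "settings.direction": {"1", "2", "3"},
    "settings.ipVersion": {"1", "2", "3"},
    "permission.setPermission": {"1", "2"},
}
FLAGS = ["settings.localAddress.any", "settings.directlyConnected.enable",
         "permission.home", "permission.public"]   # 1, 0 or empty
# IP protocol numbers the customProtocol field does not accept (from the table)
UNSUPPORTED_PROTOCOLS = ({0, 4, 6, 41, 61, 63, 68, 99, 114, 124}
                         | set(range(34, 38)) | set(range(141, 144)))


def validate_rule(row: dict) -> list:
    """Return the problems found in one CSV row (empty list = valid)."""
    errors = []
    for name, allowed in ENUMS.items():
        if row.get(name, "") not in allowed:
            errors.append(f"{name}: expected one of {sorted(allowed)}, got {row.get(name)!r}")
    for name in FLAGS:
        if row.get(name, "") not in {"", "0", "1"}:
            errors.append(f"{name}: expected 1, 0 or empty")
    if row.get("ruleType") == "1" and not row.get("details.applicationPath"):
        errors.append("details.applicationPath: required for application rules")
    if row.get("settings.protocol") == "4":
        raw = row.get("settings.customProtocol", "")
        if not raw.isdigit() or not 0 <= int(raw) <= 255:
            errors.append("settings.customProtocol: required (0-255) when protocol is Other")
        elif int(raw) in UNSUPPORTED_PROTOCOLS:
            errors.append(f"settings.customProtocol: value {raw} is not supported")
    return errors


def write_rules_csv(rules: list) -> str:
    """Serialise rules (dicts keyed by field name) in priority order; unset fields stay empty."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, restval="")
    writer.writeheader()
    writer.writerows(rules)
    return out.getvalue()


def load_rules_csv(text: str):
    """Parse a rules CSV; return (valid rules with their priority, errors keyed by row number)."""
    reader = csv.DictReader(io.StringIO(text))
    valid, errors = [], {}
    for position, row in enumerate(reader, start=1):   # row order = priority
        if position > MAX_RULES:
            errors[position] = [f"more than {MAX_RULES} rules; row ignored"]
            continue
        problems = validate_rule(row)
        if problems:
            errors[position] = problems
        else:
            valid.append({"priority": position, **row})
    return valid, errors


# Constructed sample: a TCP outbound application rule, a connection rule on IP
# protocol 47, and a connection rule using an unsupported protocol number (6)
SAMPLE_RULES = [
    {"ruleType": "1", "details.name": "Example app", "settings.protocol": "2",
     "details.applicationPath": r"%ProgramFiles%\ExampleApp\app.exe",
     "settings.direction": "3", "settings.ipVersion": "1", "settings.localAddress.any": "1",
     "permission.home": "1", "permission.public": "1", "permission.setPermission": "1"},
    {"ruleType": "2", "details.name": "Protocol 47 inbound", "settings.protocol": "4",
     "settings.customProtocol": "47", "settings.direction": "2", "settings.ipVersion": "2",
     "settings.localAddress.any": "1", "permission.home": "1", "permission.setPermission": "2"},
    {"ruleType": "2", "details.name": "Bad protocol", "settings.protocol": "4",
     "settings.customProtocol": "6", "settings.direction": "1", "settings.ipVersion": "1",
     "permission.setPermission": "2"},
]

if __name__ == "__main__":
    rules, problems = load_rules_csv(write_rules_csv(SAMPLE_RULES))
    print(len(rules), "valid rules;", problems)
```

Rules that fail validation are reported by row number, which corresponds to the priority position the row would take at import, so the offending line can be corrected in place before the file is uploaded.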