In the command line, you can configure Firewall Management using the Firewall Management predefined task (Firewall_Management).
By default, the Firewall Management Task is not run. You can start and stop this task manually.
You can configure the firewall management settings by editing the settings of the Firewall Management predefined task.
You can also configure Firewall Management settings using Firewall Management commands:
kesl-control -F --query
.
Firewall Management task settings
Setting |
Description |
Values |
---|---|---|
|
The default action to perform on an inbound connection if no network rules apply to this connection type. |
|
|
The default action to perform on an incoming packet if no network packet rules apply to this connection type. |
|
|
Adds Network Agent dynamic rules to the network packet rules. |
|
The [PacketRules.item_#] section contains network packet rules for the Firewall Management task. You can specify several Each |
||
|
Network packet rule name. |
Default value: |
|
Action to be performed on connections specified in this network packet rule. |
|
|
Type of protocol for which network activity is to be monitored. |
|
|
Port numbers of the remote devices whose connection is monitored. An integer or interval can be specified for this value. This setting can only be specified if the |
|
|
Port numbers of the local devices whose connection is monitored. An integer or interval can be specified for this value. This setting can only be specified if the |
|
|
ICMP packet type. This setting can only be specified if the |
Integer number according to the data transfer protocol specification. |
|
ICMP packet code. This setting can only be specified if the |
Integer number according to the data transfer protocol specification. |
|
Direction of the monitored network activity. |
|
|
The network addresses of the remote devices that can send and receive network packets. |
x:x:x:x:x:x:x:x/p — Subnet of IPv6 addresses, where p is a number from 0 to 128; you can use :: for brevity. |
|
Network addresses of devices that have Kaspersky Endpoint Security installed and can send and/or receive network packets. |
x:x:x:x:x:x:x:x/p — Subnet of IPv6 addresses, where p is a number from 0 to 128; you can use :: for brevity. |
|
Include a record of the network rule action in the report. |
|
The [NetworkZonesPublic] section contains network addresses associated with public networks. You can specify several IP addresses or subnets of IP addresses. |
||
|
Specifies IP addresses or subnets of IP addresses. |
Default value: "" (no network addresses in this zone) |
The [NetworkZonesLocal] section contains network addresses associated with local networks. You can specify several IP addresses or subnets of IP addresses. |
||
|
Specifies IP addresses or subnets of IP addresses. |
Default value: |
The [NetworkZonesTrusted] section contains network addresses associated with trusted networks. You can specify several IP addresses or subnets of IP addresses. |
||
|
Specifies IP addresses or subnets of IP addresses. |
Default value: |