1. In the Kaspersky Security Center Administration Console tree, select the Policies folder.
2. Select the necessary policy and double-click to open the policy properties.
3. In the Network activity control section, click the Settings button in the Firewall subsection.

   The Firewall window opens.

4. On the General tab in the Operating mode for blocking rules block, select the component operating mode:
   • Observe the state of Windows Firewall. The mode is intended for smooth transition from the logic of the Firewall Management task in the application version 3.4 and earlier to the full-featured Firewall in the application version 4.0 and later. When you upgrade the application version 3.4 and earlier, the rules of the Firewall Management task integrated into the Windows Firewall are retained. But the Firewall component no longer interacts with Windows Firewall, but only monitors Windows Firewall traffic filtering and records the corresponding events in the component's operation log. You can then create Firewall rules and/or import Windows Firewall rules and change the Firewall operating mode to Inform.
   • Inform. The application only monitors the operation of the Firewall rules and records the corresponding events in the component's operation log. The mode is intended for testing the Firewall rules. You can evaluate their applicability using the Firewall operation log. Then, if necessary, you can adjust the Firewall rules and change the Firewall operation mode to Block.
   • Block. The application filters network traffic in accordance with the component settings and records the corresponding events in the component's operation log.
5. In the Inbound connections block, configure the settings for incoming network connections:
   • Use the Action for inbound connections drop-down list to specify the action that the application performs for all incoming network connections, unless otherwise defined in the Firewall rules for incoming connections.
   • If necessary, add Firewall rules for incoming connections.

     Firewall rules for incoming connections perform the role of exclusions. For example, if you configure an allowing rule for incoming network connections, and you select Block in the Action for inbound connections drop-down list, the application allows incoming network connections that match the rule criteria.

6. In the Outbound connections block, configure the settings for outgoing network connections:
   • Use the Action for outbound connections drop-down list to specify the action that the application performs for all outgoing network connections, unless otherwise defined in the Firewall rules for outgoing connections.
   • If necessary, add Firewall rules for outgoing connections.

     Firewall rules for outgoing connections perform the role of exclusions. For example, if you configure a blocking rule for outgoing network connections, and select Allow in the Action for outbound connections drop-down list, the application blocks outgoing network connections that match the rule criteria.

7. Save your changes.

Kaspersky Embedded Systems Security applies the new settings. The date and time when the settings were changed are saved in the system audit log.

1. In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
2. Click the name of the Kaspersky Embedded Systems Security policy.

   The policy properties window opens.

3. Select the Application settings tab.
4. In the Network activity control section, click the Configure button in the Firewall subsection.

   The Firewall window opens.

5. Set the toggle switch to Firewall ENABLED.
6. In the Operating mode for blocking rules block, select the component operating mode:
   • Observe the state of Windows Firewall. The mode is intended for smooth transition from the logic of the Firewall Management task in the application version 3.4 and earlier to the full-featured Firewall in the application version 4.0 and later. When you upgrade the application version 3.4 and earlier, the rules of the Firewall Management task integrated into the Windows Firewall are retained. But the Firewall component no longer interacts with Windows Firewall, but only monitors Windows Firewall traffic filtering and records the corresponding events in the component's operation log. You can then create Firewall rules and/or import Windows Firewall rules and change the Firewall operating mode to Inform.
   • Inform. The application only monitors the operation of the Firewall rules and records the corresponding events in the component's operation log. The mode is intended for testing the Firewall rules. You can evaluate their applicability using the Firewall operation log. Then, if necessary, you can adjust the Firewall rules and change the Firewall operation mode to Block.
   • Block. The application filters network traffic in accordance with the component settings and records the corresponding events in the component's operation log.
7. In the Inbound connections block, configure the settings for incoming network connections:
   • Use the Action for inbound connections drop-down list to specify the action that the application performs for all incoming network connections, unless otherwise defined in the Firewall rules for incoming connections.
   • If necessary, add Firewall rules for incoming connections.

     Firewall rules for incoming connections perform the role of exclusions. For example, if you configure an allowing rule for incoming network connections, and you select Block in the Action for inbound connections drop-down list, the application allows incoming network connections that match the rule criteria.

8. In the Outbound connections block, configure the settings for outgoing network connections:
   • Use the Action for outbound connections drop-down list to specify the action that the application performs for all outgoing network connections, unless otherwise defined in the Firewall rules for outgoing connections.
   • If necessary, add Firewall rules for outgoing connections.

     Firewall rules for outgoing connections perform the role of exclusions. For example, if you configure a blocking rule for outgoing network connections, and select Allow in the Action for outbound connections drop-down list, the application blocks outgoing network connections that match the rule criteria.

9. Save your changes.

Kaspersky Embedded Systems Security applies the new settings. The date and time when the settings were changed are saved in the system audit log.

1. In the Kaspersky Embedded Systems Security Console tree, select Computer Control → Firewall.
2. In the results pane of the Firewall node, click Properties.

   The Properties: Firewall window opens.

3. Select the Firewall check box.
4. In the Operating mode for blocking rules block, select the component operating mode:
   • Observe the state of Windows Firewall. The mode is intended for smooth transition from the logic of the Firewall Management task in the application version 3.4 and earlier to the full-featured Firewall in the application version 4.0 and later. When you upgrade the application version 3.4 and earlier, the rules of the Firewall Management task integrated into the Windows Firewall are retained. But the Firewall component no longer interacts with Windows Firewall, but only monitors Windows Firewall traffic filtering and records the corresponding events in the component's operation log. You can then create Firewall rules and/or import Windows Firewall rules and change the Firewall operating mode to Inform.
   • Inform. The application only monitors the operation of the Firewall rules and records the corresponding events in the component's operation log. The mode is intended for testing the Firewall rules. You can evaluate their applicability using the Firewall operation log. Then, if necessary, you can adjust the Firewall rules and change the Firewall operation mode to Block.
   • Block. The application filters network traffic in accordance with the component settings and records the corresponding events in the component's operation log.
5. In the Inbound connections block, configure the settings for incoming network connections:
   • Use the Action for inbound connections drop-down list to specify the action that the application performs for all incoming network connections, unless otherwise defined in the Firewall rules for incoming connections.
   • If necessary, add Firewall rules for incoming connections.

     Firewall rules for incoming connections perform the role of exclusions. For example, if you configure an allowing rule for incoming network connections, and you select Block in the Action for inbound connections drop-down list, the application allows incoming network connections that match the rule criteria.

6. In the Outbound connections block, configure the settings for outgoing network connections:
   • Use the Action for outbound connections drop-down list to specify the action that the application performs for all outgoing network connections, unless otherwise defined in the Firewall rules for outgoing connections.
   • If necessary, add Firewall rules for outgoing connections.

     Firewall rules for outgoing connections perform the role of exclusions. For example, if you configure a blocking rule for outgoing network connections, and select Allow in the Action for outbound connections drop-down list, the application blocks outgoing network connections that match the rule criteria.

7. Save your changes.

Kaspersky Embedded Systems Security applies the new settings. The date and time when the settings were changed are saved in the system audit log.