Creating a network packet rule
Firewall filters all network activity on the computer in accordance with network packet rules. Network packet rules contain conditions (for example, direction, protocol) that Firewall applies to control network connections of the computer. Network packet rules also specify the action that Firewall performs with the connection that matches the rule (allow or block the connection).
Recommendations for creating network packet rules
You can specify an IP address or a range of IP addresses to filter network activity. You can also specify a DNS name, but we recommend using IP addresses and IP address ranges. Using DNS names in network packet rules may be insecure because the owner of the DNS server can modify the parameters of the DNS record. A malicious actor can also spoof DNS messages and circumvent Firewall rules.
You can control network connections by DNS names using Web Control rules. If you need to specify a DNS name in Firewall rules:
- Ensure the security of the corporate LAN.
- Ensure the security of caching and authoritative DNS servers.
- Enable the protection of the DNS record from modification.
When creating network packet rules, remember that they have priority over network rules for applications.
Methods of creating network packet rules
You can create a network packet rule in the following ways:
- Use the Network Monitor tool.
Network Monitor is a tool designed for viewing information about the network activity of a user's computer in real time. This is convenient because you do not need to configure all the rule settings. Some Firewall settings will be inserted automatically from Network Monitor data. Network Monitor is available only in the application interface.
- Configure the Firewall settings.
This lets you fine-tune the Firewall settings. You can create rules for any network activity, even if there is no network activity at the current time.
How to use the Network Monitor tool to create a network packet rule in the application interface
- In the main application window, in the Monitoring section, click the Network Monitor tile.
- Select the Network activity tab.
The Network activity tab shows all currently active network connections with the computer. Both outbound and inbound network connections are displayed.
- In the context menu of a network connection, select Create network packet rule.
This opens the network rule properties.
- Set the Active status for the packet rule.
- Manually enter the name of the network service in the Name field.
- Configure the network rule settings (see the table below).
You can select a predefined rule template by clicking the Network rule template link. Rule templates describe the most frequently used network connections.
All network rule settings will be filled in automatically.
- If you want the actions of the network rule to be reflected in the report, select the Log events check box.
- Click Save.
The new network rule will be added to the list.
- Use the Up / Down buttons to set the priority of the network rule.
- Save your changes.
How to use Firewall settings to create a network packet rule in the application interface
- In the main application window, click the button.
- In the application settings window, select Essential Threat Protection → Firewall.
- Click Packet rules.
This opens the list of default network rules that are set by the Firewall.
- Using the Add drop-down list, select the location of the rule in the list: at the top of the list, at the bottom of the list, or next to the selected rule.
The position of the rule in the list determines the priority of the rule. The rule at the top of the list has the highest priority.
- Set the Active status for the packet rule.
- Manually enter the name of the network service in the Name field.
- Configure the network rule settings (see the table below).
You can select a predefined rule template by clicking the Network rule template link. Rule templates describe the most frequently used network connections.
All network rule settings will be filled in automatically.
- If you want the actions of the network rule to be reflected in the report, select the Log events check box.
- Click Save.
The new network rule will be added to the list.
- Use the Up / Down buttons to set the priority of the network rule.
- Save your changes.
How to create a network packet rule in the Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select Policies.
- Select the necessary policy and double-click to open the policy properties.
- In the policy window, select Essential Threat Protection → Firewall.
- In the Firewall settings block, click the Settings button.
This opens the list of network packet rules and the list of application network rules.
- Select the Network packet rules tab.
This opens the list of default network rules that are set by the Firewall.
- Using the Add drop-down list, select the location of the rule in the list: at the top of the list, at the bottom of the list, or next to the selected rule.
The position of the rule in the list determines the priority of the rule. The rule at the top of the list has the highest priority.
- Manually enter the name of the network service in the Name field.
- Configure the network rule settings (see the table below).
You can select a predefined rule template by clicking the button. Rule templates describe the most frequently used network connections.
All network rule settings will be filled in automatically.
- If you want the actions of the network rule to be reflected in the report, select the Log events check box.
- Save the new network rule.
- Use the Up / Down buttons to set the priority of the network rule.
- Save your changes.
The Firewall will control network packets according to the rule. You can disable a packet rule from Firewall operation without deleting it from the list. To do so, clear the check box next to the object.
How to create a network packet rule in the Web Console and Cloud Console
- In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
- Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
- Select the Application settings tab.
- Select Essential Threat Protection → Firewall.
- In the Firewall Settings block, click the Network packet rules link.
This opens the list of default network rules that are set by the Firewall.
- Using the Add drop-down list, select the location of the rule in the list: at the top of the list, at the bottom of the list, or next to the selected rule.
The position of the rule in the list determines the priority of the rule. The rule at the top of the list has the highest priority.
- Manually enter the name of the network service in the Name field.
- Configure the network rule settings (see the table below).
You can select a predefined rule template by clicking the Select template link. Rule templates describe the most frequently used network connections.
All network rule settings will be filled in automatically.
- If you want the actions of the network rule to be reflected in the report, select the Log events check box.
- Save the network rule.
The new network rule will be added to the list.
- Use the Up / Down buttons to set the priority of the network rule.
- Save your changes.
The Firewall will control network packets according to the rule. You can disable a packet rule from Firewall operation without deleting it from the list. Use the toggle in the Status column to enable or disable the packet rule.
Network packet rule settings
| Parameter | Description |
|---|---|
| Action | Allow. Block. By application rules. If this option is selected, Firewall applies the application network rules to the network connection. |
| Protocol | Control network activity over the selected protocol: TCP, UDP, ICMP, ICMPv6, IGMP and GRE. If ICMP or ICMPv6 is selected as the protocol, you can define the ICMP packet type and code. If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored. |
| Direction | Inbound (packet). Firewall applies the network rule to all inbound network packets. Inbound. Firewall applies the network rule to all network packets sent via a connection that was initiated by a remote computer. Inbound / Outbound. Firewall applies the network rule to both inbound and outbound network packets, regardless of whether the user's computer or a remote computer initiated the network connection. Outbound (packet). Firewall applies the network rule to all outbound network packets. Outbound. Firewall applies the network rule to all network packets sent via a connection that was initiated by the user's computer. |
| Network adapters | Network adapters that can send and/or receive network packets. Specifying the settings of network adapters makes it possible to differentiate between network packets sent or received by network adapters with identical IP addresses. |
| Time to live (TTL) | Limiting the control of network packets by their lifetime (Time to Live, TTL). |
| Remote address | Network addresses of remote computers that can send and receive network packets. Firewall applies the network rule to the specified range of remote network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, specify a range of IP addresses, or select a subnet (Trusted networks, Local networks, Public networks). You can also specify a DNS name of a computer instead of its IP address. You should use DNS names only for LAN computers or internal services. Interaction with cloud services (such as Microsoft Azure) and other Internet resources should be handled by the Web Control component. If you added a DNS name for which the IP address could not be determined to the network packet rule, Kaspersky Endpoint Security will display a warning. In the list of network packet rules in Web Console, a Warning column is added with a description of the error. In Administration Console (MMC), the error description is not available. Such packet rules are highlighted in color. |
| Local address | Network addresses of computers that can send and receive network packets. Firewall applies a network rule to the specified range of local network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, or specify a range of IP addresses. The application stores local addresses only if a list of remote addresses is specified. That is, the Addresses from the list value has been selected for Remote address and at least one address has been added. Sometimes the local address cannot be obtained for applications. If this is the case, this parameter is ignored. |
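The following is an added illustration, not Kaspersky Endpoint Security code: a small Python model of how the settings above combine, with rules checked top-down so the rule at the top of the list wins, an inactive rule skipped, a comma-delimited port list, a remote address given as a single IP, a subnet or a DNS name, and a check that flags rules relying on DNS names as the recommendations discourage. It assumes that an unresolved DNS name never matches and that a packet matched by no rule falls through to application rules; the connection-versus-packet distinction between "Inbound" and "Inbound (packet)" is collapsed, and the sample rules are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple
# Hypothetical model (not the product's own code) of the packet-rule list described above:
# rules are checked top-down and the first active match decides the action.
@dataclass
class PacketRule:
    name: str
    action: str                     # "Allow", "Block" or "By application rules"
    protocol: Optional[str] = None  # "TCP", "UDP", "ICMP", ...; None = any protocol
    direction: str = "Inbound / Outbound"  # or "Inbound", "Inbound (packet)", "Outbound", ...
    remote: str = "any"             # single IP, CIDR subnet, DNS name, or "any"
    remote_ports: str = ""          # comma-delimited as in the UI; "" = any port
    active: bool = True             # cleared check box / Status toggle disables the rule

def uses_dns_name(addr: str) -> bool:
    """True when a remote address is a DNS name rather than an IP address or subnet."""
    if addr == "any":
        return False
    try:
        ipaddress.ip_network(addr, strict=False)
        return False
    except ValueError:
        return True

def rule_matches(rule: PacketRule, proto: str, direction: str, ip: str, port: Optional[int]) -> bool:
    if not rule.active or (rule.protocol and rule.protocol != proto):
        return False
    if rule.direction != "Inbound / Outbound" and not rule.direction.startswith(direction):
        return False
    if rule.remote != "any":
        if uses_dns_name(rule.remote):
            return False  # assumption: an unresolved name cannot match (the product flags such rules)
        if ipaddress.ip_address(ip) not in ipaddress.ip_network(rule.remote, strict=False):
            return False
    ports = {int(p) for p in rule.remote_ports.split(",") if p.strip()}
    return not ports or port in ports

def evaluate(rules: List[PacketRule], proto: str, direction: str, ip: str, port: Optional[int] = None) -> Tuple[Optional[str], str]:
    """Return (name of the first matching rule, its action); no match falls through to application rules."""
    for r in rules:  # list order is priority order: the rule at the top wins
        if rule_matches(r, proto, direction, ip, port):
            return r.name, r.action
    return None, "By application rules"

RULES = [  # constructed sample rule list, top = highest priority
    PacketRule("Block RDP from anywhere", "Block", "TCP", "Inbound", "any", "3389"),
    PacketRule("Allow LAN", "Allow", None, "Inbound / Outbound", "192.168.0.0/16"),
    PacketRule("Intranet by name", "Allow", "TCP", "Outbound", "intranet.example.local", "443"),
]
```

Running `evaluate(RULES, "TCP", "Inbound", "192.168.1.10", 3389)` returns the Block rule even though the LAN rule would also match, which is exactly why the Up / Down priority step matters.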