Creating and editing a network packet rule

When creating network packet rules, remember that they have priority over network rules for applications.

To create or edit a network packet rule:

  1. In the lower part of the main application window, click the settings button.
  2. In the application settings window, select Protection → Essential Threat Protection → Firewall.
  3. Click the Packet rules button.

    This opens a list of default network packet rules that are set by Firewall.

  4. Do one of the following:
    • To create a new network packet rule, click the Add button.
    • To edit a network packet rule, select it in the list of network packet rules and click the Edit button.

    This opens the packet rule properties.

  5. Set the Active status for the packet rule.
  6. In the Name field, manually enter the name of the network service.
  7. In the Action drop-down list, select the action to be performed by Firewall on detecting this kind of network activity:
    • Allow.
    • Block.
    • By application rules.
  8. You can select a predefined rule template by clicking the Packet rule template link. Rule templates describe the most frequently used network connections.

    All packet rule settings will be filled in automatically.

  9. In the Direction drop-down list, select the direction of the monitored network activity.

    Firewall monitors network connections with the following directions:

    • Inbound (packet).
    • Inbound.
    • Inbound / Outbound.
    • Outbound (packet).
    • Outbound.
  10. In the Protocol drop-down list, select the type of protocol whose network activity should be monitored.

    Firewall monitors network connections that use the TCP, UDP, ICMP, ICMPv6, IGMP, and GRE protocols.

    • If ICMP or ICMPv6 is selected as the protocol, you can define the ICMP packet type and code.
    • If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored:
      1. Type the ports of the remote computer in the Remote ports field.
      2. Type the ports of the local computer in the Local ports field.
  11. Specify the network addresses of remote computers that can send and/or receive network packets. To do so, select one of the following values in the Remote address drop-down list:
    • Any address. The network rule controls network packets sent and/or received by remote computers with any IP address.
    • Subnet addresses. The network rule controls network packets sent and/or received by remote computers with IP addresses associated with the selected network type: Trusted networks, Local networks, or Public networks.
    • Addresses from the list. The network rule controls network packets sent and/or received by remote computers that have these IP addresses. Enter the IP addresses of computers by separating them with a comma.
  12. Specify the network addresses of computers that have Kaspersky Endpoint Security installed and can send and/or receive network packets. To do so, select one of the following values in the Local addresses drop-down list:
    • Any address. The network rule controls network packets sent and/or received by computers with Kaspersky Endpoint Security installed and with any IP address.
    • Addresses from the list. The network rule controls network packets sent and/or received by computers with Kaspersky Endpoint Security installed and with IP addresses that can be specified in the list below. Enter the IP addresses of computers by separating them with a comma.

    Sometimes a local address cannot be obtained for applications that work with network packets. If this is the case, the value of the Local addresses setting is ignored.

  13. If you want the actions of the network rule to be reflected in the report, select the Log events check box.
  14. In the Network adapters table, specify the settings of network adapters from which network packets can be sent or which can receive network packets.
  15. If you want to restrict control of network packets based on their time to live (TTL), select the Use TTL check box and in the field next to it, specify the range of values of the time to live for inbound and/or outbound network packets.

    A network rule will control the transmission of network packets whose time to live does not exceed the specified value.

  16. Save your changes.
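
The following added example (not Kaspersky code, and not part of the original procedure) models how the fields entered above combine into a decision, so that a planned rule can be checked before it is typed into the dialog. The class and function names are hypothetical, and the sketch assumes that all specified fields must match, that an empty list means "any", and that TTL acts as an upper bound as the procedure states.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def parse_ports(text):
    """Parse a comma-delimited port list such as '80, 443'; empty means any port."""
    ports = set()
    for item in filter(None, (p.strip() for p in text.split(","))):
        port = int(item)                      # ValueError on non-numeric input
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.add(port)
    return ports

def parse_addresses(text):
    """Parse comma-separated IP addresses; empty means 'Any address'."""
    return {ipaddress.ip_address(a.strip()) for a in text.split(",") if a.strip()}

@dataclass
class PacketRule:                             # hypothetical model of the dialog fields
    name: str
    action: str                               # "Allow", "Block" or "By application rules"
    protocol: str                             # e.g. "TCP" or "UDP"
    remote_ports: str = ""
    local_ports: str = ""
    remote_addresses: str = ""
    max_ttl: Optional[int] = None             # None = "Use TTL" check box cleared

    def matches(self, protocol, remote_ip, remote_port, local_port, ttl):
        rports, lports = parse_ports(self.remote_ports), parse_ports(self.local_ports)
        raddrs = parse_addresses(self.remote_addresses)
        return (protocol == self.protocol
                and (not rports or remote_port in rports)
                and (not lports or local_port in lports)
                and (not raddrs or ipaddress.ip_address(remote_ip) in raddrs)
                and (self.max_ttl is None or ttl <= self.max_ttl))

def decide(rule, app_rule_action, **packet):
    """Return the action for a packet, or None if the packet rule does not apply."""
    if not rule.matches(**packet):
        return None
    # A matching packet rule takes priority over the application's network rule,
    # unless its action explicitly defers to it.
    return app_rule_action if rule.action == "By application rules" else rule.action
```

A packet rule with the Block action returns "Block" even when the application rule passed in is "Allow", which is the priority relationship stated at the top of this page.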