Creating and editing an application network rule

To create or edit a network rule for an application or application group:

  1. In the lower part of the main application window, click the settings button.
  2. In the application settings window, select Protection → Essential Threat Protection → Firewall.
  3. Click the Application rules button.

    This opens the list of application rules.

  4. In the list of applications, select the application or group of applications for which you want to create or edit a network rule.
  5. Right-click to open the context menu and select Details and rules.

    The application rules and properties window opens.

  6. Select the Network rules tab.
  7. Do one of the following:
    • To create a new network rule, click the Add button.
    • To edit a network rule, select it in the list of network rules and click the Edit button.

    The network rule properties window opens.

  8. In the Action drop-down list, select the action to be performed by Firewall on detecting this kind of network activity:
    • Allow.
    • Block.
  9. You can select a predefined rule template by clicking the Network rule template link. Rule templates describe the most frequently used network connections.

    All network rule settings will be filled in automatically.

  10. In the Name field, manually enter the name of the network service.
  11. In the Protocol drop-down list, select the type of protocol whose network activity should be monitored.

    Firewall monitors network connections that use the TCP, UDP, ICMP, ICMPv6, IGMP, and GRE protocols.

  12. In the Direction drop-down list, select the direction of the monitored network activity.

    Firewall monitors network connections with the following directions:

    • Inbound.
    • Inbound / Outbound.
    • Outbound.
  13. If ICMP or ICMPv6 is selected as the protocol, you can define the ICMP packet type and code.
  14. If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored:
    1. Type the ports of the remote computer in the Remote ports field.
    2. Type the ports of the local computer in the Local ports field.
  15. Set the Active status for the network rule.
  16. Specify the network addresses of remote computers that can send and/or receive network packets. To do so, select one of the following values from the Address drop-down list:
    • Any address. The network rule controls network packets sent and/or received by remote computers with any IP address.
    • Subnet addresses. The network rule controls network packets sent and/or received by remote computers with IP addresses associated with the selected network type: Trusted networks, Local networks, or Public networks.
    • Addresses from the list. The network rule controls network packets sent and/or received by remote computers that have these IP addresses.

    Sometimes a local address cannot be obtained for applications that work with network packets. If this is the case, the value of the Local addresses setting is ignored.

  17. If you want the actions of the network rule to be reflected in the report, select the Log events check box.
  18. Save your changes.