Network packet rules have a higher priority than network rules for applications.
To create or edit a network packet rule in Kaspersky Security Center:
Open Kaspersky Security Center Administration Console.
In the Managed devices folder of the console tree, open the folder with the name of the administration group to which the relevant protected virtual machines belong.
In the workspace, select the Policies tab.
Select a Light Agent for Windows policy in the list of policies and open the Properties: <Policy name> by double-clicking.
In the policy properties window, select the Firewall section in the list on the left.
In the right part of the window, in the Firewall rules section, click the Settings button located in the lower part of the section.
In the Firewall window that opens, on the Network packet rules tab, perform one of the following actions:
To create a new network packet rule, click the Add button.
To edit an existing network packet rule, select it in the list of network packet rules and click the Edit button.
In the Network rule window that opens, in the Action drop-down list, select the action to be performed by the Firewall when this type of network activity is detected:
Allow.
Block.
By application rules.
In the Name field, specify the name of the network service in one of the following ways:
Click the icon located to the right of the Name field and select the network service name in the drop-down list.
The application includes network services that match the most frequently used network connections.
Type the name of the network service in the Name field manually.
Specify the data transfer protocol:
Select the Protocol check box.
In the drop-down list, select the type of protocol over which the Firewall must monitor activity: TCP, UDP, ICMP, ICMPv6, IGMP or GRE.
If you select a network service from the Name drop-down list, the Protocol check box is selected and the drop-down list next to the check box indicates the protocol type that corresponds to the selected network service.
In the Direction drop-down list, select the direction of the monitored network activity.
Firewall monitors network connections with the following directions:
Inbound (packet).
Inbound.
Inbound / Outbound.
Outbound (packet).
Outbound.
If ICMP or ICMPv6 is selected as the protocol, you can specify the ICMP packet type and code:
Select the ICMP type check box and select the ICMP packet type in the drop-down list.
Select the ICMP code check box and select the ICMP packet code in the drop-down list.
If TCP or UDP is selected as the protocol, you can specify the ports of the SVM and remote devices between which the connection is to be monitored:
Type the ports of the remote device in the Remote ports field.
Type the ports of the protected virtual machine in the Local ports field.
In the Network adapters table, specify the settings of network adapters from which network packets can be sent or which can receive network packets. To do so, use the Add, Edit, and Delete buttons.
In the Maximum value of packet time to live field, specify the range of values of the time to live for inbound and/or outbound network packets. A network rule controls the transmission of network packets whose time to live is within the range from 1 to the specified value. The default value is 0 (value not defined).
Specify the network addresses of remote devices that can send and/or receive network packets. To do so, select one of the following values in the Remote addresses drop-down list:
Any address. The network rule controls network packets sent and/or received by remote devices with any IP address.
Subnet addresses. The network rule controls network packets sent and/or received by remote devices with IP addresses associated with the selected network type: Trusted networks, Local networks, Public networks.
Addresses from a list. The network rule controls network packets sent and/or received by remote devices with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
Specify the network addresses of the SVMs that can send and/or receive network packets. To do so, select one of the following values in the Local addresses drop-down list:
Any address. The network rule controls network packets sent and/or received by SVMs with any IP address.
Addresses from a list. The network rule controls network packets sent and/or received by the SVMs with IP addresses that can be specified in the list below using the Add, Edit, and Delete buttons.
If you want the actions of the network packet rule to be reflected in the report, select the Log event check box.
In the Network rule window, click OK.
If you create a new network packet rule, the rule is displayed on the Network packet rules tab of the Firewall window. By default, the new network rule is placed at the end of the list of network packet rules.
In the Firewall window, click OK.
Click the Apply button.
To create or edit a network packet rule in the local interface:
In the left part of the window, in the Anti-Virus protection section, select Firewall.
In the right part of the window, the Firewall component’s settings are displayed.
Click the Network packet rules button.
The Firewall window opens to the Network packet rules tab. This tab shows a list of default network packet rules that are set by Firewall.
If the settings in the local interface are not available, this means that the values of settings defined by the policy are used for all protected virtual machines of the administration group.