Creating a network packet rule
You can create a network packet rule in the following ways:
- Use the Network Monitor tool.
Network Monitor is a tool designed for viewing information about the network activity of a user's computer in real time. This is convenient because you do not need to configure all the rule settings. Some Firewall settings will be inserted automatically from Network Monitor data. Network Monitor is available only in the application interface.
- Configure the Firewall settings.
This lets you fine-tune the Firewall settings. You can create rules for any network activity, even if there is no network activity at the current time.
When creating network packet rules, remember that they have priority over network rules for applications.
How to use the Network Monitor tool to create a network packet rule in the application interface
How to use Firewall settings to create a network packet rule in the application interface
button.How to create a network packet rule in the Administration Console (MMC)
button. Rule templates describe the most frequently used network connections.How to create a network packet rule in the Web Console and Cloud Console
Network packet rule settings
Parameter | Description |
|---|---|
Action | Allow. Block. By application rules. If this option is selected, Firewall applies the application network rules to the network connection. |
Protocol | Control network activity over the selected protocol: TCP, UDP, ICMP, ICMPv6, IGMP and GRE. If ICMP or ICMPv6 is selected as the protocol, you can define the ICMP packet type and code. If TCP or UDP is selected as the protocol type, you can specify the comma-delimited port numbers of the local and remote computers between which the connection is to be monitored. |
Direction | Inbound (packet). Firewall applies the network rule to all inbound network packets. Inbound. Firewall applies the network rule to all network packets sent via a connection that was initiated by a remote computer. Inbound / Outbound. Firewall applies the network rule to both inbound and outbound network packets, regardless of whether the user's computer or a remote computer initiated the network connection. Outbound (packet). Firewall applies the network rule to all outbound network packets. Outbound. Firewall applies the network rule to all network packets sent via a connection that was initiated by the user's computer. |
Network adapters | Network adapters that can send and/or receive network packets. Specifying the settings of network adapters makes it possible to differentiate between network packets sent or received by network adapters with identical IP addresses. |
Time to live (TTL) | Restrict control of network packets based on their time to live (TTL). |
Remote address | Network addresses of remote computers that can send and receive network packets. Firewall applies the network rule to the specified range of remote network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, specify a range of IP addresses, or select a subnet (Trusted networks, Local networks, Public networks). You can also specify a DNS name of a computer instead of its IP address. You should use DNS names only for LAN computers or internal services. Interaction with cloud services (such as Microsoft Azure) and other Internet resources should be handled by the Web Control component. Kaspersky Endpoint Security supports DNS names starting from version 11.7.0. If you specify a DNS name for version 11.6.0 or older, Kaspersky Endpoint Security may apply the relevant rule to all addresses. |
Local address | Network addresses of computers that can send and receive network packets. Firewall applies a network rule to the specified range of local network addresses. You can include all IP addresses in a network rule, create a separate list of IP addresses, or specify a range of IP addresses. Kaspersky Endpoint Security supports DNS names starting from version 11.7.0. If you specify a DNS name for version 11.6.0 or older, Kaspersky Endpoint Security may apply the relevant rule to all addresses. Sometimes the local address cannot be obtained for applications. If this is the case, this parameter is ignored. |
