Firewall Management task settings

DefaultIncomingAction

The default action to perform on an inbound connection if no network rules apply to this connection type.

Allow (default value) — Allow inbound connections.

Block — Block inbound connections.

DefaultIncomingPacketAction

The default action to perform on an incoming packet if no network packet rules apply to this connection type.

Allow (default value) — Allow incoming packets.

Block — Block incoming packets.

OpenNagentPorts

Adds Network Agent dynamic rules to the network packet rules.

Yes (default value) – Add Network Agent dynamic rules to the network packet rules.

No – Do not add Network Agent dynamic rules to the network packet rules.

The [PacketRules.item_#] section contains network packet rules for the Firewall Management task. You can specify several [PacketRules.item_#] sections in any order. The application processes the scopes by index in ascending order.

Each [PacketRules.item_#] section contains the following settings:

Name

Network packet rule name.

Default value: Packet rule #<n>, where n is an index.

FirewallAction

Action to be performed on connections specified in this network packet rule.

Allow (default value) — Allow network connections.

Block — Block network connections.

Protocol

Type of protocol for which network activity is to be monitored.

Any (default value) — The Firewall Management task monitors all network activity.

TCP

UDP

ICMP

ICMPv6

IGMP

GRE

RemotePorts

Port numbers of the remote devices whose connection is monitored.

This setting can only be specified if the Protocol setting is set to TCP or UDP.

An integer or interval can be specified for this setting.

Any (default value) — Monitor all remote ports.

0 – 65535.

LocalPorts

Port numbers of the local devices whose connection is monitored.

This setting can only be specified if the Protocol setting is set to TCP or UDP.

An integer or interval can be specified for this setting.

Any (default value) — Monitor all local ports.

0 – 65535.

ICMPType

ICMP packet type.

This setting can only be specified if the Protocol setting is set to ICMP or ICMPv6.

Any (default value) — Monitor all ICMP packet types.

Integer number according to the data transfer protocol specification.

ICMPCode

ICMP packet code.

This setting can only be specified if the Protocol setting is set to ICMP or ICMPv6.

Any (default value) — Monitor all ICMP packet codes.

Integer number according to the data transfer protocol specification.

Direction

Direction of the monitored network activity.

IncomingOutgoing or InOut (default value) — Monitor both inbound and outbound connections.

Incoming or In — Monitor inbound connections.

Outgoing or Out — Monitor outbound connections.

IncomingPacket or InPacket — Monitor incoming packets.

OutgoingPacket or OutPacket — Monitor outgoing packets.

IncomingOutgoingPacket or InOutPacket — Monitor both incoming and outgoing packets.

RemoteAddress

The network addresses of the remote devices that can send and receive network packets.

Any (default value) — Monitor network packets sent and/or received by remote devices with any IP address.

Trusted — Predefined network zone for trusted networks.

Local — Predefined network zone for local networks.

Public — Predefined network zone for public networks.

d.d.d.d — IPv4 address, where d is a decimal number from 0 to 255.

d.d.d.d/p — Subnet of IPv4 addresses, where p is a number from 0 to 32.

x:x:x:x:x:x:x:x — IPv6 address, where x is a hexadecimal number from 0 to ffff.

x:x:x:x::0/p — Subnet of IPv6 addresses, where p is a number from 0 to 64.

LocalAddress

Network addresses of devices that have Kaspersky Endpoint Security installed and can send and/or receive network packets.

Any (default value) — Monitor network packets sent and/or received by local devices with any IP address.

d.d.d.d — IPv4 address, where d is a decimal number from 0 to 255.

d.d.d.d/p — Subnet of IPv4 addresses, where p is a number from 0 to 32.

x:x:x:x:x:x:x:x — IPv6 address, where x is a hexadecimal number from 0 to ffff.

x:x:x:x::0/p — Subnet of IPv6 addresses, where p is a number from 0 to 64.

LogAttempts

Specify whether you want the actions of the network rule to be included in the report.

Yes — Include actions in the report.

No (default value) — Do not include actions in the report.

The [NetworkZonesPublic] section contains network addresses associated with public networks.

You can specify several IP addresses or subnets of IP addresses.

Address.item_#

Specifies IP addresses or subnets of IP addresses.

d.d.d.d — IPv4 address, where d is a decimal number from 0 to 255.

d.d.d.d/p — Subnet of IPv4 addresses, where p is a number from 0 to 32.

x:x:x:x:x:x:x:x — IPv6 address, where x is a hexadecimal number from 0 to ffff.

x:x:x:x::0/p — Subnet of IPv6 addresses, where p is a number from 0 to 64.

Default value: "" (no network addresses in this zone)

The [NetworkZonesLocal] section contains network addresses associated with local networks.

You can specify several IP addresses or subnets of IP addresses.

Address.item_#

Specifies IP addresses or subnets of IP addresses.

d.d.d.d — IPv4 address, where d is a decimal number from 0 to 255.

d.d.d.d/p — Subnet of IPv4 addresses, where p is a number from 0 to 32.

x:x:x:x:x:x:x:x — IPv6 address, where x is a hexadecimal number from 0 to ffff.

x:x:x:x::0/p — Subnet of IPv6 addresses, where p is a number from 0 to 64.

Default value: "" (no network addresses in this zone)

The [NetworkZonesTrusted] section contains network addresses associated with trusted networks.

You can specify several IP addresses or subnets of IP addresses.

Address.item_#

Specifies IP addresses or subnets of IP addresses.

d.d.d.d — IPv4 address, where d is a decimal number from 0 to 255.

d.d.d.d/p — Subnet of IPv4 addresses, where p is a number from 0 to 32.

x:x:x:x:x:x:x:x — IPv6 address, where x is a hexadecimal number from 0 to ffff.

x:x:x:x::0/p — Subnet of IPv6 addresses, where p is a number from 0 to 64.

Default value: "" (no network addresses in this zone)