Firewall Management task settings
January 20, 2022
ID 161328
This section provides information about the settings that you can specify for the Firewall Management task.
All available values and default values for each setting are described.
DefaultIncomingAction
The default action to perform on an inbound connection if no network rules can be applied to this kind of the connection.
Available values:
Allow
—Allow inbound connection.
Block
—Block inbound connection.
Default value: Allow
DefaultIncomingPacketAction
The default action to perform on an incoming packet if no network packet rules can be applied to this kind of the connection.
Available values:
Allow
—Allow incoming packet.
Block
—Block incoming packet.
Default value: Allow
Section [PacketRules.item_#]
The [PacketRules.item_#]
sections specify network packet rules for the Firewall Management task.
You can define several [PacketRules.item_#]
sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by an item index, in ascending order.
Each [PacketRules.item_#]
section contains the following settings:
Name
A network packet rule name.
Default value: Packet rule #<n>
; where, n
is an index.
FirewallAction
Action to be performed on connections specified in this network packet rule.
Available values:
Allow
—Allow network connection.
Block
—Block network connection.
Default value: Allow
Protocol
Type of protocol for which network activity is to be monitored.
Available values:
Any
—The Firewall Management monitors all network activity.
TCP
UDP
ICMP
ICMPv6
IGMP
GRE
Default value: Any
RemotePorts
Port numbers of the remote computers between which the connection is to be monitored.
This setting can be specified only if the Protocol
setting value was set to TCP
or UDP
.
Integer or interval can be specified for this setting.
Available values:
Any
—All remote ports are monitored.
0-65535
.
Default value: Any
LocalPorts
Port numbers of the local computers between which the connection is to be monitored.
This setting can be specified only if the Protocol
setting value was set to TCP
or UDP
.
Integer or interval can be specified for this setting.
Available values:
Any
—All local ports are monitored.
0-65535
.
Default value: Any
ICMPType
ICMP packet type.
This setting can be specified only if the Protocol
setting value was set to ICMP
or ICMPv6
.
Available values:
Any
—All ICMP packet types are monitored.
Integer according to a data transfer protocol specification.
Default value: Any
ICMPCode
ICMP packet code.
This setting can be specified only if the Protocol
setting value was set to ICMP
or ICMPv6
.
Available values:
Any
—All ICMP packet codes are monitored.
Integer according to a data transfer protocol specification.
Default value: Any
Direction
Direction of the monitored network activity.
Available values:
IncomingOutgoing
or InOut
—Monitor both inbound and outbound connections
Incoming
or In
—Monitor inbound connections
Outgoing
or Out
—Monitor outbound connections
IncomingPacket
or InPacket
—Monitor incoming packets
OutgoingPacket
or OutPacket
—Monitor outgoing packets
IncomingOutgoingPacket
or InOutPacket
—Monitor both incoming and outgoing packets
Default value: IncomingOutgoing
or InOut
RemoteAddress
The network addresses of remote computers that can send and/or receive network packets.
Available values:
Any
—Monitor network packets sent and/or received by remote computers with any IP address
Trusted
—A predefined network zone for trusted networks
Local
—A predefined network zone for local networks
Public
—A predefined network zone for public networks
d.d.d.d
—IPv4 address, where d
is a decimal number 0–255
d.d.d.d/p
—Subnet of IPv4 addresses, where p
is a number 0–32
x:x:x:x:x:x:x:x
—IPv6 address, where x
is a hexadecimal number 0–ffff
x:x:x:x::0/p
—Subnet of IPv6 addresses, where p
is a number 0–64
Default value: Any
LocalAddress
Network addresses of computers that have Kaspersky Endpoint Security installed and can send and/or receive network packets.
Available values:
Any
—Monitor network packets sent and/or received by remote computers with any IP address
d.d.d.d
—IPv4 address, where d
is a decimal number 0-
255
d.d.d.d/p
—Subnet of IPv4 addresses, where p
is a number 0-
32
x:x:x:x:x:x:x:x
—IPv6 address; where x
is a hexadecimal number 0-
ffff
x:x:x:x::0/p
—Subnet of IPv6 addresses, where p
is a number 0-
64
Default value: Any
LogAttempts
Specify whether you want the actions of the network rule to be included in the report.
Available values:
Yes
—Report actions
No
—Do not report actions
Default value: No
Section [NetworkZonesPublic]
The [NetworkZonesPublic]
section specifies network addresses associated with Public networks.
You can specify several IP addresses or subnets of IP addresses.
Address.item_#
Available values:
d.d.d.d
—IPv4 address, where, d
is a decimal number 0-
255
d.d.d.d/p
—Subnet of IPv4 addresses, where p
is a number 0-
32
x:x:x:x:x:x:x:x
—IPv6 address, where x
is a hexadecimal number 0-
ffff
x:x:x:x::0/p
—Subnet of IPv6 addresses, where p
is a number 0-
64
Default value: “”
(no network addresses in this zone)
Section [NetworkZonesLocal]
The [NetworkZonesLocal]
section specifies network addresses associated with Local networks.
You can specify several IP addresses or subnets of IP addresses.
Address.item_#
Available values:
d.d.d.d
—IPv4 address, where d
is a decimal number 0-
255
d.d.d.d/p
—Subnet of IPv4 addresses, where p
is a number 0-
32
x:x:x:x:x:x:x:x
—IPv6 address, where x
is a hexadecimal number 0-
ffff
x:x:x:x::0/p
—Subnet of IPv6 addresses, where p
is a number 0-
64
Default value: “”
(no network addresses in this zone)
Section [NetworkZonesTrusted]
The [NetworkZonesTrusted]
section specifies network addresses associated with Trusted networks.
You can specify several IP addresses or subnets of IP addresses.
Address.item_#
Available values:
d.d.d.d
—IPv4 address, where d
is a decimal number 0-
255
d.d.d.d/p
—Subnet of IPv4 addresses, where p
is a number 0-
32
x:x:x:x:x:x:x:x
—IPv6 address, where x
is a hexadecimal number 0-
ffff
x:x:x:x::0/p
—Subnet of IPv6 addresses, where p
is a number 0-
64
Default value: “”
(no network addresses in this zone)