About the Firewall Management task

Kaspersky Security for Windows Server provides a reliable and convenient solution for protecting network connections using the Firewall Management task.

The Firewall Management task does not perform independent network traffic filtering, but it lets you manage Windows Firewall through the Kaspersky Security for Windows Server graphical interface. During the Firewall Management task Kaspersky Security for Windows Server takes over management of the settings and policies of the operation system's firewall and blocks any external attempts to configure the firewall.

During installation of the application, the Firewall Management component reads and copies the Windows Firewall status and all specified rules. After that, the set of rules and the rule parameters may only be changed, and the firewall may only be turned on or off in Kaspersky Security for Windows Server.

If Windows Firewall is turned off during installation of Kaspersky Security for Windows Server, the Firewall Management task will not be executed after the installation is complete. If Windows Firewall is turned on during installation of the application, the Firewall Management task is executed after the installation is complete, blocking all network connections that are not allowed by the specified rules.

The Firewall Management component is not installed by default, as it is not included in the set of components in the Recommended Installation.

The Firewall Management task enforces blocking of all incoming and outgoing connections not allowed by the task's specified rules.

The task polls the Windows Firewall regularly and monitors its status. By default, the polling interval is set to 1 minute and cannot be changed. If Kaspersky Security for Windows Server detects a mismatch between the Windows Firewall settings and the Firewall Management task settings, the application forcibly applies the task settings to the operating system firewall.

Polling Windows Firewall each minute, Kaspersky Security for Windows Server monitors the following:

• Operating status of the Windows Firewall.
• Status of rules added by other applications or tools (for example, the addition of a new application rule for a port/application using wf.msc) after installation of Kaspersky Security for Windows Server.

When applying new rules to Windows Firewall, Kaspersky Security for Windows Server creates a Kaspersky Security Group rule set in the Windows Firewall snap-in. This rule set contains all the rules created by Kaspersky Security for Windows Server using the Firewall Management task. The rules in the Kaspersky Security Group are not monitored by the application during polling and are not automatically synchronized with the list of rules specified in the Firewall Management task settings.

To update the Kaspersky Security Group rules manually,

restart the Kaspersky Security for Windows Server Firewall Management task.

You can also edit the Kaspersky Security Group rules manually using the Windows Firewall snap-in.

If Windows Firewall is managed by a Kaspersky Security Center group policy, the Firewall Management task cannot be started.