Firewall Policies and Profiles

The OfficeScan firewall uses policies and profiles to organize and customize methods for protecting networked endpoints.

With Active Directory integration and role-based administration, each user role, depending on the permission, can create, configure, or delete policies and profiles for specific domains.


Multiple firewall installations on the same endpoint may produce unexpected results. Consider uninstalling other software-based firewall applications on OfficeScan agents before deploying and enabling the OfficeScan firewall.

The following steps are necessary to successfully use the OfficeScan firewall:

  1. Create a policy. The policy allows you to select a security level that blocks or allows traffic on networked endpoints and enables firewall features.

  2. Add exceptions to the policy. Exceptions allow OfficeScan agents to deviate from a policy. With exceptions, you can specify agents, and allow or block certain types of traffic, despite the security level setting in the policy. For example, block all traffic for a set of agents in a policy, but create an exception that allows HTTP traffic so agents can access a web server.

  3. Create and assign profiles to OfficeScan agents. A firewall profile includes a set of agent attributes and is associated with a policy. When any agent matches the attributes specified in the profile, the associated policy is triggered.