Configuring the Firewall Profile List
- Go to Agents > Firewall > Profiles.
- For users using the built-in administrator account or users with full management permissions, optionally enable the Overwrite agent security level/exception list option to replace the OfficeScan agent profile settings with the server settings.
- To add a new profile, click Add.
To edit an existing profile, select the profile name.
A profile configuration screen appears. See Adding and Editing a Firewall Profile for more information.
- To delete an existing profile, select the check box next to the policy and click Delete.
- To change the order of profiles in the list, select the
check box next to the profile to move, and then click Move
Up or Move Down.
OfficeScan applies firewall profiles to OfficeScan agents in the order in which the profiles appear in the profile list. For example, if the agent matches the first profile, OfficeScan applies the actions configured for that profile to the agent. OfficeScan ignores the other profiles configured for that agent.Tip:
The more exclusive a policy, the better it is at the top of the list. For example, move a policy you create for a single agent to the top, followed by those for a range of agents, a network domain, and all agents.
- To manage reference servers, click Edit Reference Server List. Reference
servers are endpoints that act as substitutes for the OfficeScan server when
it applies firewall profiles. A reference server can be any endpoint on the
network (see Reference Servers for more information). OfficeScan makes the
following assumptions when you enable reference servers:
OfficeScan agents connected to reference servers are online, even if the agents cannot communicate with the OfficeScan server.
Firewall profiles applied to online OfficeScan agents also apply to OfficeScan agents connected to reference servers.
Only users using the built-in administrator account or those with full management permissions can see and configure the reference server list.
- To save the current settings and assign the profiles to OfficeScan agents:
- Select whether to Overwrite agent security level/exception list. This option overwrites all user-configured firewall settings.
- Click Assign Profile to Agents. OfficeScan assigns all profiles on the profile list to all the OfficeScan agents.
- To verify that you successfully assigned profiles to OfficeScan agents:
- Go to Agents > Agent Management. In the agent tree view drop-down box, select Firewall view.
- Ensure that a green check mark exists under the Firewall column in the agent tree. If the policy associated with the profile enables the Intrusion Detection System, a green check mark also exists under the IDS column.
- Verify that the agent applied the correct firewall policy. The policy appears under the Firewall Policy column in the agent tree.