Firewall Policies

Firewall policies allow you to block or allow certain types of network traffic not specified in a policy exception. A policy also defines which firewall features get enabled or disabled. Assign a policy to one or multiple Firewall Profiles.

OfficeScan comes with a set of default policies, which you can modify or delete.

The default firewall policies are as follows:

Default firewall policies

Policy Name

Security Level

Client Settings

Exceptions

Recommended Use

All access

Low

Enable firewall

None

Use to allow clients unrestricted access to the network

Cisco Trust Agent for Cisco NAC

Low

Enable firewall

Allow incoming and outgoing UDP traffic through port 21862

Use when clients have a Cisco Trust Agent (CTA) installation

Communication Ports for Trend Micro Control Manager

Low

Enable firewall

Allow all incoming and outgoing TCP/UDP traffic through ports 80 and 10319

Use when clients have an MCP agent installation

ScanMail for Microsoft Exchange console

Low

Enable firewall

Allow all incoming and outgoing TCP traffic through port 16372

Use when clients need to access the ScanMail console

InterScan Messaging Security Suite (IMSS) console

Low

Enable firewall

Allow all incoming and outgoing TCP traffic through port 80

Use when clients need to access the IMSS console

Also create new policies if you have requirements not covered by any of the default policies.

All default and user-created firewall policies display on the firewall policy list on the Web console.

  1. To add a new policy, click Add. If a new policy you want to create has similar settings with an existing policy, select the existing policy and click Copy.

  2. To edit an existing policy, click the policy name.

    A policy configuration screen appears. See Adding and Modifying a Firewall Policy for more information.

  3. To delete an existing policy, select the check box next to the policy and click Delete.

  4. To edit the firewall exception template, click Edit Exception Template. The Exception Template Editor appears. See Editing the Firewall Exception Template for more information.

See also: