Configure the following for each policy:
Security level: A general setting that blocks or allows all inbound and/or all outbound traffic on the client computer.
Firewall features: Specify whether to enable or disable the OfficeScan firewall, the Intrusion Detection System (IDS), and the firewall violation notification message. See Intrusion Detection System for more information on IDS.
Certified Safe Software List: Specify whether to allow certified safe applications to connect to the network. See Certified Safe Software List for more information.
Policy exception list: A list of configurable exceptions that block or allow various types of network traffic.
To add a policy:
Go to Networked Computers > Firewall > Policies.
To add a new policy, click Add. If the policy you want to create has settings similar to those of an existing policy, select the existing policy and click Copy.
Type a name for the policy.
Select a security level. The selected security level does not apply to traffic that meets the firewall policy exception criteria.
Select the firewall features to use for the policy.
The firewall violation notification message displays when the firewall blocks an outgoing packet. To modify the message, see To modify the content of the notification message.
Enabling all the firewall features grants the client users the privileges to enable/disable the features and modify firewall settings in the client console.
You cannot use the OfficeScan server web console to override client console settings that the user configures.
If you do not enable the features, the firewall settings you configure from the OfficeScan server web console display under Network card list on the client console.
The information under Settings on the client console's Firewall tab always reflects the settings configured from the client console, not from the server web console.
Enable the local or global Certified Safe Software List.
Ensure that the Unauthorized Change Prevention Service and Certified Safe Software Services have been enabled before enabling this service.
Under Exception, select the firewall policy exceptions. The policy exceptions included here are based on the firewall exception template. See Editing the Firewall Exception Template for details.
Modify an existing policy exception by clicking the policy exception name and changing the settings in the page that opens.
The modified policy exception will only apply to the policy to be created. If you want the policy exception modification to be permanent, you will need to make the same modification to the policy exception in the firewall exception template.
Click Add to create a new policy exception. Specify the settings in the page that opens.
The policy exception will also apply only to the policy to be created. To apply this policy exception to other policies, you need to add it first to the list of policy exceptions in the firewall exception template.
Click Save.
To modify an existing policy:
Go to Networked Computers > Firewall > Policies.
Click a policy.
Modify the following:
Policy name
Security level
Firewall features to use for the policy
Certified Safe Software Service List status
Firewall policy exceptions to include in the policy
Edit an existing policy exception (click the policy exception name and change settings in the page that opens)
Click Add to create a new policy exception. Specify the settings in the page that opens.
Click Save to apply the modifications to the existing policy.