fwpolext

Editing the Firewall Exception Template

The firewall exception template contains policy exceptions that you can configure to allow or block different kinds of network traffic based on the client computer's port number(s) and IP address(es). After creating a policy exception, edit the policies to which the policy exception applies.

Decide which type of policy exception you want to use. There are two types:

Restrictive

Blocks only specified types of network traffic and applies to policies that allow all network traffic. An example use of a restrictive policy exception is to block client ports vulnerable to attack, such as ports that Trojans often use.

Permissive

Allows only specified types of network traffic and applies to policies that block all network traffic. For example, you may want to permit clients to access only the OfficeScan server and a web server. To do this, allow traffic from the trusted port (the port used to communicate with the OfficeScan server) and the port the client uses for HTTP communication.

Client listening port: Networked Computers > Client Management > Status. The port number is under Basic Information.

Server listening port: Administration > Connection Settings. The port number is under Connection Settings for Networked Computers.

OfficeScan comes with a set of default firewall policy exceptions, which you can modify or delete.

Default Firewall Policy Exceptions

Exception Name

Action

Protocol

Port

Direction

DNS

Allow

TCP/UDP

53

Incoming and outgoing

NetBIOS

Allow

TCP/UDP

137, 138, 139, 445

Incoming and outgoing

HTTPS

Allow

TCP

443

Incoming and outgoing

HTTP

Allow

TCP

80

Incoming and outgoing

Telnet

Allow

TCP

23

Incoming and outgoing

SMTP

Allow

TCP

25

Incoming and outgoing

FTP

Allow

TCP

21

Incoming and outgoing

POP3

Allow

TCP

110

Incoming and outgoing

LDAP

Allow

TCP/UDP

389

Incoming and outgoing

  1. Click Edit Exception Template.

  2. Click Add.

  3. Type a name for the policy exception.

  4. Select the type of application. You can select all applications, or specify application path or registry keys.

  5. Select the action OfficeScan will perform on network traffic (block or allow traffic that meets the exception criteria) and the traffic direction (inbound or outbound network traffic on the client computer).

  6. Select the type of network protocol: TCP, UDP, ICMP, or ICMPv6.

  7. Specify ports on the client computer on which to perform the action.

  8. Select client computer IP addresses to include in the exception. For example, if you chose to deny all network traffic (inbound and outbound) and type the IP address for a single computer on the network, then any client that has this exception in its policy will not be able to send or receive data to or from that IP address.

  9. Choose from the following options:

  10. Click Save.

  1. Click Edit Exception Template.

  2. Click a policy exception.

  3. Modify the following:

  4. Click Save.

  1. Click Edit Exception Template.

  2. Select the check box(es) next to the exception(s) to delete.

  3. Click Delete.

  1. Click Edit Exception Template.

  2. Select the check box next to the exception to move.

  3. Click an arrow to move the exception up or down the list. The ID number of the exception changes to reflect the new position.

  1. Click Edit Exception Template.

  2. Click one of the following save options:

See also: