fwpro

Firewall Profiles

Firewall profiles provide flexibility by allowing you to choose the attributes that a client or group of clients must have before applying a policy. Create user roles that can create, configure, or delete profiles for specific domains.

Users using the built-in administrator account or users with full management permissions can also enable the Overwrite client security level exception list option to replace the client profile settings with the server settings.

Profiles include the following:

• Associated policy: Each profile uses a single policy

• Client attributes: Clients with one or more of the following attributes apply the associated policy:

• IP address: A client that has a specific IP address, an IP address that falls within a range of IP addresses, or an IP address belonging to a specified subnet

• Domain: A client that belongs to a certain OfficeScan domain

• Computer: A client with a specific computer name

• Platform: A client running a specific platform

• Logon name: Client computers to which specified users have logged on

• NIC description: A client computer with a matching NIC description

• Client connection status: If a client is online or offline

• A client is online if it can connect to the OfficeScan server or any of the Reference Servers, and offline if it cannot connect to any server.

• User privileges: Allow or prevent client users from doing the following:

• Changing the security level specified in a policy

• Editing the exception list associated with a policy

• These privileges apply only to clients that match the attributes specified in the profile. You can assign other firewall privileges to selected client users. See Firewall Privileges for details.

OfficeScan comes with a default profile named "All clients profile", which uses the "All access" policy. You can modify or delete this default profile. You can also create new profiles. All default and user-created firewall profiles, including the policy associated to each profile and the current profile status, display on the firewall profile list on the web console. Manage the profile list and deploy all profiles to OfficeScan clients. OfficeScan clients store all the firewall profiles to the client computer.

To configure the firewall profile list:

• Networked Computers > Firewall > Profiles

1. For users using the built-in administrator account or users with full management permissions, optionally enable the Overwrite client security level exception list option to replace the client profile settings with the server settings.

2. To add a new profile, click Add. To edit an existing profile, select the profile name.

A profile configuration screen appears. See Adding and Editing a Firewall Profile for more information.

3. To delete an existing policy, select the check box next to the policy and click Delete.

4. To change the order of profiles in the list, select the check box next to the profile to move, and then click Move Up or Move Down.

OfficeScan applies firewall profiles to clients in the order in which the profiles appear in the profile list. For example, if a client matches the first profile, OfficeScan applies the actions configured for that profile to the client. OfficeScan ignores the other profiles configured for that client.

• The more exclusive a policy, the better it is at the top of the list. For example, move a policy you create for a single client to the top, followed by those for a range of clients, a network domain, and all clients.

5. To manage reference servers, click Edit Reference Server List.

• Only users using the built-in administrator account or those with full management permissions can see and configure the reference server list.

Reference servers are computers that act as substitutes for the OfficeScan server when it applies firewall profiles. A reference server can be any computer on the network. OfficeScan makes the following assumptions when you enable reference servers:

• Clients connected to reference servers are online, even if the clients cannot communicate with the OfficeScan server.

• Firewall profiles applied to online clients also apply to clients connected to reference servers.

See Reference Servers for more information.

6. To save the current settings and assign the profiles to clients:

1. Select whether to Overwrite client security level/exception list. This option overwrites all user-configured firewall settings.

2. Click Assign Profile to Clients. OfficeScan assigns all profiles on the profile list to all the clients.

7. To verify that you successfully assigned profiles to clients:

1. Go to Networked Computers > Client Management. In the client tree view drop-down box, select Firewall view.

2. Ensure that a green check mark exists under the Firewall column in the client tree. If the policy associated with the profile enables the Intrusion Detection System, a green check mark also exists under the IDS column.

3. Verify that the client applied the correct firewall policy. The policy appears under the Firewall Policy column in the client tree.

See also:

• About the OfficeScan Firewall

• Firewall Policies and Profiles

• Adding and Editing a Firewall Profile

• Firewall Policies