Editing the Firewall Exception Template

The firewall exception template contains policy exceptions that you can configure to allow or block different kinds of network traffic based on the OfficeScan client computer's port number(s) and IP address(es). After creating a policy exception, edit the policies to which the policy exception applies.
Decide which type of policy exception you want to use. There are two types:
  • Restrictive
    Blocks only specified types of network traffic and applies to policies that allow all network traffic. An example use of a restrictive policy exception is to block OfficeScan client ports vulnerable to attack, such as ports that Trojans often use.
  • Permissive
    Allows only specified types of network traffic and applies to policies that block all network traffic. For example, you may want to permit OfficeScan clients to access only the OfficeScan server and a web server. To do this, allow traffic from the trusted port (the port used to communicate with the OfficeScan server) and the port the OfficeScan client uses for HTTP communication.
    OfficeScan client listening port: Networked Computers > Client Management > Status. The port number is under Basic Information.
    Server listening port: Administration > Connection Settings. The port number is under Connection Settings for Networked Computers.
OfficeScan comes with a set of default firewall policy exceptions, which you can modify or delete.

Default Firewall Policy Exceptions

| Exception Name | Action | Protocol | Port               | Direction             |
|----------------|--------|----------|--------------------|-----------------------|
| DNS            | Allow  | TCP/UDP  | 53                 | Incoming and outgoing |
| NetBIOS        | Allow  | TCP/UDP  | 137, 138, 139, 445 | Incoming and outgoing |
| HTTPS          | Allow  | TCP      | 443                | Incoming and outgoing |
| HTTP           | Allow  | TCP      | 80                 | Incoming and outgoing |
| Telnet         | Allow  | TCP      | 23                 | Incoming and outgoing |
| SMTP           | Allow  | TCP      | 25                 | Incoming and outgoing |
| FTP            | Allow  | TCP      | 21                 | Incoming and outgoing |
| POP3           | Allow  | TCP      | 110                | Incoming and outgoing |
| LDAP           | Allow  | TCP/UDP  | 389                | Incoming and outgoing |

Note
Default exceptions apply to all clients. If you want a default exception to apply only to certain clients, edit the exception and specify the IP addresses of the clients.

Note
The LDAP exception is not available if you upgrade from a previous OfficeScan version. Manually add this exception if you do not see it on the exception list.
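
The restrictive and permissive exception types and the default exception table can be modelled as a small rule evaluator. The following Python model is an added example, not code from OfficeScan; it assumes the first matching exception decides and that unmatched traffic gets the policy's base action. The names `PolicyException`, `exc`, `decide` and `no_effect` are hypothetical, and the sample addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PolicyException:
    name: str
    action: str                  # "allow" (permissive) or "block" (restrictive)
    protocols: frozenset         # subset of {"TCP", "UDP"}
    ports: frozenset
    directions: frozenset = frozenset({"in", "out"})
    client_nets: tuple = ()      # empty tuple: applies to all clients

    def matches(self, client_ip, protocol, port, direction):
        in_scope = not self.client_nets or any(
            ip_address(client_ip) in ip_network(net) for net in self.client_nets)
        return (in_scope and protocol in self.protocols
                and port in self.ports and direction in self.directions)

def exc(name, action, protocols, ports, **scope):
    return PolicyException(name, action, frozenset(protocols.split("/")),
                           frozenset(ports), **scope)

# The default exceptions listed in the table on this page.
DEFAULTS = [
    exc("DNS", "allow", "TCP/UDP", [53]),
    exc("NetBIOS", "allow", "TCP/UDP", [137, 138, 139, 445]),
    exc("HTTPS", "allow", "TCP", [443]),
    exc("HTTP", "allow", "TCP", [80]),
    exc("Telnet", "allow", "TCP", [23]),
    exc("SMTP", "allow", "TCP", [25]),
    exc("FTP", "allow", "TCP", [21]),
    exc("POP3", "allow", "TCP", [110]),
    exc("LDAP", "allow", "TCP/UDP", [389]),
]

def decide(base_action, exceptions, client_ip, protocol, port, direction):
    """Assumed model: first match wins, otherwise the policy's base action applies."""
    for e in exceptions:
        if e.matches(client_ip, protocol, port, direction):
            return e.action, e.name
    return base_action, None

def no_effect(base_action, exceptions):
    """Names of exceptions whose action equals the base action, so they change nothing."""
    return [e.name for e in exceptions if e.action == base_action]

if __name__ == "__main__":
    # Constructed sample traffic; 192.0.2.10 is a documentation address.
    print(decide("block", DEFAULTS, "192.0.2.10", "TCP", 3389, "in"))
    print(no_effect("allow", DEFAULTS))
```

`no_effect("allow", DEFAULTS)` returns every default exception, which shows why the all-"Allow" defaults only narrow traffic when attached to a policy that blocks all network traffic.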