Procedure

  1. Go to AgentsFirewallProfiles.
  2. Select to add or modify a profile.
    • Click Add to create a new profile.
    • Click the Name of an existing profile to modify settings.
  3. Select Enable this profile to allow Trend Micro Apex One to deploy the profile to Security Agents.
  4. In the Profile Settings section, configure the following:
    • Name: Type a unique name for the profile.
    • Description: (Optional) Type a description for the profile.
    • Policy: Select a preexisting Apex One Firewall policy to apply to the profile.
      For more information, see Firewall Policies.
    • Select the criteria the Apex One Firewall uses to define the Security Agents to which the profile applies.
      Criteria
      Description
      IP address
      Select an option to specify the endpoint IP address, IP address range, or subnet.
      Domain
      Click the button to open and select domains from the agent tree.
      Note
      Note
      Only users with full domain permissions can select domains.
      Endpoint
      Select to apply the profile to Security Agents selected from the agent tree.
      Click Select Endpoints from Agent Tree to open the Firewall Profile Settings screen. Select the required Security Agents and click Select.
      Platform
      Select to apply the profile to specific operating system types.
      • Supported Windows Server platforms
      • Supported Windows desktop platforms
      For a list of supported operating systems, see the System Requirements document.
      Logon name
      Select to apply the profile to specific users logged on to endpoints.
      Specify the logon name for particular users. The Apex One Firewall applies the profile on Security Agents on which the specified users logged on.
      NIC description
      Select to apply the profile to endpoints using specific Network Interface Cards (NIC).
      Type a full or partial NIC description.
      Tip
      Tip
      Trend Micro recommends typing the NIC card manufacturer because NIC descriptions typically start with the manufacturers name. For example, if you type "Intel", all Intel-manufactured NICs satisfy the criteria. If you type a particular NIC model, such as "Intel(R) Pro/100", only NIC descriptions that start with "Intel(R) Pro/100" satisfy the criteria.
      Agent location
      Select to apply the profile based on the Security Agent connection status.
      • Internal - Security Agents can connect to a configured reference server
        Note
        Note
        Click Edit reference server list to configure location settings.
        For more information, see Reference Servers.
      • External - Security Agents cannot connect to a configured reference server
  5. In the User Privileges section, configure the following:
    • Allow user to change security level: Select to allow users to define the Apex One Firewall security level using the Security Agent console
    • Allow user to edit policy exceptions: Select to allow users to define custom Apex One Firewall policy exceptions using the Security Agent console
    Important
    Important
    Only Security Agents with the Display the Firewall settings on the Security Agent console privilege display the firewall settings on the Security Agent console.
  6. Click Save.
    The profile displays in the Firewall Profiles list.
  7. Click Apply Profiles to Agents to send the updated profiles to Security Agents.