Procedure

1. Go to Agents → Firewall → Profiles.
2. Click Add.
3. Click Enable this profile to allow Apex One to deploy the profile to Security Agents.
4. Type a name to identify the profile and an optional description.
5. Select a policy for this profile.
6. Specify the agent endpoints to which Apex One applies the policy. Select endpoints based on the following criteria:
   • IP address
   • Domain: Click the button to open and select domains from the agent tree.

     Note Only users with full domain permissions can select domains.

   • Endpoint name: Click the button to open, and select Security Agent endpoints from, the agent tree.
   • Platform
   • Logon name
   • NIC description: Type a full or partial description, without wildcards.

     Tip Trend Micro recommends typing the NIC card manufacturer because NIC descriptions typically start with the manufacturer’s name. For example, if you typed "Intel", all Intel-manufactured NICs will satisfy the criteria. If you typed a particular NIC model, such as "Intel(R) Pro/100", only NIC descriptions that start with "Intel(R) Pro/100" will satisfy the criteria.

   • Agent location: Select from the following:
     • Internal - Security Agents can connect to a configured reference server

       Note Click Edit reference server list to configure location settings. For more information, see Reference Servers.

     • External - Security Agents cannot connect to a configured reference server
7. Select whether to grant users the privilege to change the firewall security level or edit a configurable list of exceptions to allow specified types of traffic.
   For details, see Firewall Policies.
8. Click Save.