Adding a Firewall Policy Exception

When adding new exceptions, ensure that you do not block the ports used for communication between the OfficeScan server and OfficeScan agents.

You can locate the listening ports used by the OfficeScan server and OfficeScan agents as follows:

  • Server listening port: Go to Administration > Settings > Agent Connection. The port number is under Agent Connection Settings.

  • OfficeScan agent listening port: Go to Agents > Agent Management > Status. The port number is under Basic Information.

  1. Go to Agents > Firewall > Policies.
  2. Click Edit Exception Template.
  3. Click Add.
  4. Type a name for the policy exception.
  5. Select the type of application. You can select all applications, or specify application path or registry keys.

    Verify the name and full paths entered. Application exception does not support wildcards.

  6. Select the action OfficeScan performs on network traffic (block or allow traffic that meets the exception criteria) and the traffic direction (inbound or outbound network traffic on the OfficeScan agent endpoint).
  7. Select the type of network protocol: TCP, UDP, ICMP, or ICMPv6.
  8. Specify ports on the OfficeScan agent endpoint on which to perform the action.
  9. Select OfficeScan agent endpoint IP addresses to include in the exception.

    For example, if you chose to deny all network traffic (inbound and outbound) and type the IP address for a single endpoint on the network, then any OfficeScan agent that has this exception in its policy cannot send or receive data to or from that IP address.

    • All IP addresses: Includes all IP addresses

    • Single IP address: Type an IPv4 or IPv6 address, or a host name.

    • Range (for IPv4 or IPv6): Type an IPv4 or IPv6 address range.

    • Range (for IPv6): Type an IPv6 address prefix and length.

    • Subnet mask: Type an IPv4 address and its subnet mask.

  10. Click Save.

    The Edit Exception Template screen appears with the new exception added.

  11. Click one of the following buttons to apply the new exception to the list:
    • Save Temple Changes: Saves the current exception template list settings but does not apply the settings to existing policies

    • Save and Apply to Existing Policies: Saves the current exception template list settings and immediately applies the settings to all existing policies