Knowledgebase
How to use Firewall in Quick Heal EPS 6.0?
Posted by Muhammad Nehad on 13 January 2015 05:27 PM

Firewall shields your system by monitoring both inbound and outbound network traffic. It checks if the incoming traffic is secure or not and also checks whether the outgoing communication is secure according to the security policies that have been set for Firewall. Firewall works silently in the background and monitors network activity for malicious behavior.

You can create different policies for various groups/departments like enabling Firewall protection, applying Firewall security level with an exception rule and other settings according to the requirements. For example, you can apply security level as High for the Accounts Department, and apply an exception rule by entering the policy with additional policy settings. You can also apply the Display alert message when firewall violation occurs and Enable firewall reports options. While for Marketing Department, you can create a policy with security level as Low without an exception rule and apply the Enable firewall reports options only.

Note: The Firewall feature is available only in the clients with Microsoft Windows.

 

To configure a policy for Firewall setting, follow these steps:
1. Log on to the Endpoint Security web console and then click the Settings tab
2. On the Settings screen, click Firewall.
3. To enable Firewall, select Enable Firewall.
4. In the Level option, select one of the following:
· Block all
· High
· Medium
· Low
5. If you want an alert message about firewall violation, select Display alert message when firewall violation occurs.
6. If you want reports for all blocked connections, select Enable firewall reports.
7. To save your settings, click Save Policy.

Note: If the Firewall policy is set as 'Block All' or 'High', Firewall will block all connections and generate many reports that may impact your network traffic.



Description of Security Level:


Block all:     Blocks all Inbound and Outbound traffic without any exception. This is the strictest level of security.

       
High: Blocks all Inbound and Outbound traffic with an exception rule. The exception policy can be created for allowing or denying traffic either for inbound or outbound through certain communication Protocols, IP address, Ports such as TCP, UDP, ICMP.     
 
Medium: Blocks all Inbound and allows all Outbound traffic with an exception rule.
The exception policy can be created for allowing or denying traffic either for inbound or outbound through certain communication Protocols, IP address, Ports such as TCP, UDP, and ICMP. For example, if you allow receiving data from a certain IP address, the users can receive data but cannot send to the same IP address.
To take more advantage of this security level policy, it is advisable that you allow receiving inbound traffic and block outbound traffic.        
Low:Allows all Inbound and Outbound traffic.
When you apply Low security level, it is advisable that you create an exception rule for denying particular inbound or outbound data with the help of certain Protocols, IP address, and Ports to take more advantage of the security level policy.     


Exceptions
With exceptions, you can allow genuine programs to perform communication irrespective of Firewall level set as High or Medium. You can add exception to allow inbound and outbound communication through IP Addresses and Ports. With Exceptions, you can block or allow Inbound and Outbound communication, through IP Addresses and Ports.
To configure a policy with the Exceptions rule, follow these steps:
1. Under Exceptions, click Add.
2. On the Add/Edit Exception screen, type a name in the Exception Name text box and select a protocol. Click Next.

The protocol includes: TCP, UDP, and ICMP.
3. Select a direction for traffic and then click Next.

Traffic direction includes: Inbound and Outbound.
If you select Outbound, the setting applies only to the Outbound traffic. If you select both Inbound and Outbound, the setting applies to both types of traffic.
4. Under IP Address, type an IP address or IP range and then click Next.

If you select Any IP Addresses, you need not type an IP address as all IP addresses will be blocked.
5. Under TCP/UDP Ports, type a port or port range and then click Next.

If you select All Ports, you need not type a port as all ports are selected.

6. Under Action, select either Allow or Deny. Click Finish.

(2 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: