
Create and manage rules to use with Firewall in Endpoint Security Policies.

Important
If you are working on a policy, make sure to save your settings before leaving the screen. Leaving the screen without saving discards any changes.
Trend Micro preset rules cannot be deleted or modified. You can duplicate preset rules to create a new firewall rule.
Firewall rules are a policy resource where you can create rules to configure your Firewall settings in Endpoint Security Policies. Firewall rules can allow, block, and log internet connections. You can add up to 300 firewall rules.
Firewall uses firewall rules to override its scan setting and either allow or deny a matching connection.

Procedure

  1. Go to Endpoint Security > Endpoint Security Configuration > Policy Resources > Firewall Rules.
  2. Create or edit a rule.
    • To create a new rule, click Add firewall rule.
    • To edit an existing rule, click the rule name and go to General.
  3. Specify a name and description for the rule.
  4. Select the action for the rule to take.
    • Allow: Always allows the connection regardless of the firewall setting. The firewall does not log the event.
    • Deny: Always blocks the connection regardless of the firewall setting. The firewall logs the event.
    • Allow and log: Always allows the connection regardless of the firewall setting. The firewall logs the event.
  5. Select the Priority.
    The Priority determines which rule takes effect if a connection matches multiple rules. The firewall always applies the rule with the higher priority.
    Note
    Allow and log can only use the priority 4 - Highest. You cannot select a lower priority for the action.
  6. Select the Direction.
    • Inbound: Rule applies to attempts to connect to the endpoint.
    • Outbound: Rule applies to attempts by the endpoint to connect to a destination.
  7. Select the connection Protocol.
    Firewall rules support monitoring the following protocols:
    • ICMP
    • ICMPv6
    • TCP
    • TCP + UDP
    • UDP
    Important
    Firewall rules using the ICMP or ICMPv6 protocol have strict support for IP address formats. Using an IP list that contains both IPv4 and IPv6 addresses might cause unintended behavior.
    • If you select the ICMP protocol, use only IP lists with the IPv4 format. The ICMP protocol ignores IPv6 addresses.
    • If you select the ICMPv6 protocol, use only IP lists with the IPv6 format. The ICMPv6 protocol ignores IPv4 addresses.
  8. Specify the Packet source.
    1. If you want to monitor specific IP addresses, select Use IP list then select an IP list.
      To configure IP lists, see IP Lists.
    2. If you want to monitor specific ports, select Use port list then select a Port list.
      If you select Any for Protocol, then Port is set to Any and cannot be changed. To configure port lists, see Port Lists.
  9. Specify the Packet destination.
    1. If you want to monitor specific IP addresses, select Use IP list then select an IP list.
      To configure IP lists, see IP Lists.
    2. If you want to monitor specific ports, select Use port list then select a Port list.
      If you select Any for Protocol, then Port is set to Any and cannot be changed. To configure port lists, see Port Lists.
  10. Click Save.
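The rule-evaluation behavior the steps above describe (the higher-priority rule wins, Allow and log is only valid at priority 4 - Highest, an ICMP rule ignores IPv6 entries in its IP list), modelled as an added Python example for checking a rule set before saving it. This is not Trend Micro code; the FirewallRule class, the 1-to-4 priority scale and the handling of same-priority ties are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

PRIORITY_HIGHEST = 4  # "4 - Highest"; assumption: the scale runs 1 (lowest) to 4

@dataclass
class FirewallRule:
    name: str
    action: str             # "Allow", "Deny" or "Allow and log"
    priority: int           # higher value wins when several rules match
    direction: str          # "Inbound" or "Outbound"
    protocol: str           # "ICMP", "ICMPv6", "TCP", "UDP", "TCP + UDP" or "Any"
    src_ips: list = field(default_factory=list)    # packet-source IP list; empty = any
    dst_ports: list = field(default_factory=list)  # packet-destination port list; empty = any

    def __post_init__(self):
        # Allow and log can only use the priority 4 - Highest.
        if self.action == "Allow and log" and self.priority != PRIORITY_HIGHEST:
            raise ValueError("Allow and log must use priority 4 - Highest")

def effective_networks(rule):
    """ICMP rules ignore IPv6 entries and ICMPv6 rules ignore IPv4 entries."""
    nets = [ipaddress.ip_network(n, strict=False) for n in rule.src_ips]
    wanted = {"ICMP": 4, "ICMPv6": 6}.get(rule.protocol)
    return nets if wanted is None else [n for n in nets if n.version == wanted]

def matches(rule, conn):
    """conn is a dict: direction, protocol, src (IP string), dst_port (int or None)."""
    if rule.direction != conn["direction"]:
        return False
    protos = {"TCP + UDP": {"TCP", "UDP"},
              "Any": {"TCP", "UDP", "ICMP", "ICMPv6"}}.get(rule.protocol, {rule.protocol})
    if conn["protocol"] not in protos:
        return False
    if rule.src_ips:
        src = ipaddress.ip_address(conn["src"])
        if not any(src in n for n in effective_networks(rule)):
            return False  # e.g. an ICMP rule whose list only has IPv6 entries never matches
    if rule.dst_ports and conn.get("dst_port") not in rule.dst_ports:
        return False
    return True

def decide(rules, conn):
    """Return (action, logged, rule name) for the highest-priority matching rule, or None."""
    hits = [r for r in rules if matches(r, conn)]
    if not hits:
        return None  # no rule overrides the Firewall's own setting
    best = max(hits, key=lambda r: r.priority)  # assumption: same-priority ties unspecified
    return best.action, best.action != "Allow", best.name
```

Run `decide` over a constructed rule set and a few sample connections to confirm that a Deny rule at priority 2 is overridden by an Allow and log rule at priority 4 for the same port, and that an ICMP rule silently drops its IPv6 entries.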