The new LANDesk Firewall tool is an important component of
Endpoint Security that lets you protect managed devices from
unauthorized application operations and connections.
With LANDesk Firewall settings, you can create and configure
trusted programs (applications), trusted network scopes, and
connection rules to protect managed devices from unauthorized
intrusions.
NOTE: LANDesk Firewall and Windows Firewall
The LANDesk Firewall complements the Windows Firewall, and both can
be enabled and running at the same time on managed devices.
Component of Endpoint Security
LANDesk Firewall is one of the components of the comprehensive
Endpoint Security solution, along with the Host Intrusion
Prevention (HIPS) and Device Control tools.
Firewall settings give you complete control over how the LANDesk
Firewall operates on target devices.
This section describes how to create and manage Firewall
settings.
Creating LANDesk Firewall settings
To create LANDesk Firewall settings
1. In the Security Configurations tool window, right-click LANDesk
Firewall, and then click New.
2. At the General settings page, enter a name for the settings,
enable the LANDesk Firewall service, and then specify the
protection mode. For information about an option, click Help.
3. At the Trusted programs page, add and edit the applications you
want to be able to connect to and from the network and the
Internet. You can also define the trusted scope.
4. At the Connection rules page, define the connection rules
(incoming or outgoing, and action) by port, protocol, or IP range.
5. Click Save.
Once configured, you can deploy the settings to target devices
with an installation or update task, or a change settings task.
LANDesk Firewall settings help
Use this dialog to create and edit LANDesk Firewall settings.
When creating Firewall settings, you first define the general
protection mode, and then add and configure specific trusted
programs, trusted scopes, and connection rules. You can create as
many settings as you like and edit them at any time.
If you want to modify the device default settings without
reinstalling the Endpoint Security agent or redeploying a full
agent configuration, make your desired change to any of the options
on the settings dialog, assign the new settings to a change
settings task, and then deploy the change settings task to target
devices.
This dialog contains the following pages.
About the General settings page
Use this page to enable the LANDesk Firewall and configure the
protection mode.
This page contains the following options:
Name: Identifies the Firewall settings with a unique name.
Enable LANDesk Firewall: Turns on the LANDesk Firewall service on
target devices. Once the service is enabled, application connections
are governed by the protection mode and by the trusted programs,
trusted scopes, and connection rules defined in these settings.
Protection mode: Specifies how the firewall responds to policy
violations on managed devices.
Automatic: All policy violations are automatically blocked. In
other words, all of the trusted program, trusted scope, and
connection rules (i.e., permissions) you've created are enforced.
Auto-learn period: Lets the administrator specify a period of time
during which the end user can run any of the applications on their
machine. During this period, the applications that run are
observed. The maximum auto-learn period is 5 days; if you want to
run auto-learn for longer, reset the value at the end of the 5
days.
Auto-log period: Specifies a period of time during which the
applications that run are recorded in an action history file.
NOTE: The auto-learn and auto-log periods run successively. In
other words, if both are selected, the auto-learn period runs
first and, when it expires, the auto-log period runs. During both
periods applications are observed or recorded rather than blocked,
so the rules are not enforced until the last selected period has
expired.
Learn: All applications are allowed to run, but are monitored and
recorded in an action history file. Additionally, all of the
applications that are run on the device are learned and added to
the trusted programs list. Because anything that runs during this
mode becomes trusted, use Learn mode only on a known-clean
reference device, and use the Locked trusted application option
(see the Configure trusted application dialog box) for programs
whose connection rules must not be widened by learning.
Log only: Policy violations are logged, but not blocked.
Block: Policy violations are blocked, but not logged.
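The way the protection modes and the two successive periods fit together is easier to see in code. The following Python model is an added example written for this page, not LANDesk code: the function names, the day-based period inputs, the effect sets, and the sample deployment date are assumptions for illustration, while the 5-day auto-learn cap, the learn-then-log ordering, and what each mode does with a violation are taken from the option descriptions above (for Automatic the page says only that violations are blocked, so no logging is assumed).

```python
from datetime import datetime, timedelta

# The page states that auto-learn may run for at most 5 days before it must be reset.
MAX_AUTO_LEARN_DAYS = 5

# What happens to a policy violation in each mode, as the option descriptions state.
# For "automatic" the page says only that violations are blocked, so no "log" is assumed.
VIOLATION_EFFECT = {
    "learn": {"allow", "log", "learn"},   # runs, recorded, added to trusted programs
    "log": {"allow", "log"},              # auto-log period and Log only: logged, not blocked
    "block": {"block"},                   # Block: blocked, not logged
    "automatic": {"block"},               # Automatic: every violation blocked
}


def valid_auto_learn(days) -> bool:
    """The dialog accepts an auto-learn period of at most 5 days (assumed lower bound 0)."""
    return 0 <= days <= MAX_AUTO_LEARN_DAYS


def mode_schedule(deployed_at: datetime, auto_learn_days=0, auto_log_days=0):
    """Phases a device passes through after these settings reach it.

    Auto-learn runs first; when it expires, auto-log runs; when both have
    expired the device is in "automatic" mode and the rules are enforced.
    Returns [(start, end, mode), ...]; end is None for the open-ended last phase.
    """
    if not valid_auto_learn(auto_learn_days):
        raise ValueError(f"auto-learn period must be 0..{MAX_AUTO_LEARN_DAYS} days; "
                         "reset it at the end of day 5 to run longer")
    phases, t = [], deployed_at
    for days, mode in ((auto_learn_days, "learn"), (auto_log_days, "log")):
        if days > 0:
            phases.append((t, t + timedelta(days=days), mode))
            t += timedelta(days=days)
    phases.append((t, None, "automatic"))
    return phases


def mode_at(schedule, when: datetime):
    """Mode in force at `when`; None if the settings had not been deployed yet."""
    for start, end, mode in schedule:
        if start <= when and (end is None or when < end):
            return mode
    return None


def mode_days_after(schedule, days):
    """Convenience wrapper: mode in force `days` after deployment."""
    return mode_at(schedule, schedule[0][0] + timedelta(days=days))


def enforcement_starts(schedule) -> datetime:
    """First instant at which violations are actually blocked."""
    return schedule[-1][0]


# Constructed sample: settings deployed 1 Jan 2024 with 3-day auto-learn, 2-day auto-log.
SAMPLE_DEPLOYED = datetime(2024, 1, 1)
SAMPLE_SCHEDULE = mode_schedule(SAMPLE_DEPLOYED, auto_learn_days=3, auto_log_days=2)

if __name__ == "__main__":
    for start, end, mode in SAMPLE_SCHEDULE:
        span = f"{start:%Y-%m-%d} -> {end:%Y-%m-%d}" if end else f"{start:%Y-%m-%d} -> (open)"
        print(span, mode, sorted(VIOLATION_EFFECT[mode]))
    print("violations are first blocked at", enforcement_starts(SAMPLE_SCHEDULE))
```

The practical point is the last line of output: a device with both periods selected blocks nothing until the auto-log period ends, and in the sample that is five days after deployment, so plan the learn and log periods against that window rather than assuming the firewall is protecting the device as soon as the settings arrive.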
About the Trusted programs page
Use this page to create and manage trusted programs and trusted
scopes.
This page contains the following options:
Trusted applications: Lists the applications
that have connection rules configured for firewall protection.
Trusted scope: Lists the network scopes that
have connection rules configured for firewall protection.
Add: Opens a file explorer dialog where you
can browse and select an application you want to configure with
connection rules.
Edit: Lets you edit the selected application's
connection rules.
Delete: Deletes the selected application and
its connection rules.
About the Configure trusted application dialog box
Use this page to configure connection rules for a specific
application.
This page contains the following options:
Application details: Identifies the application file that is being
assigned connection rules (i.e., permissions). You can enter a
description of the file.
Outbound connection
Allow application to connect to the trusted scope
(network): Allows the application to connect to locations
within the trusted scope you've defined.
Allow application to connect outside the trusted
scope (Internet): Allows the application to connect to
locations outside of the trusted scope you've defined.
Inbound connection
Allow application to receive connections from the
trusted scope (network): Allows the application to receive
connections from locations within the trusted scope you've
defined.
Allow application to receive connections from
outside the trusted scope (Internet): Allows the application to
receive connections from locations outside of the trusted scope
you've defined.
Locked trusted application: Ensures the application retains the
connection rules you assign here, even if the application is
allowed other operations during a learn mode; a learn period cannot
widen a locked application's permissions.
OK: Saves the connection rules and adds the application to the
list of trusted programs.
Cancel: Closes the dialog without saving.
About the Trusted scope dialog box
Use this page to configure and manage trusted scopes. A trusted
scope is made up of a collection of network addresses, by IP
address, IP range, or subnet.
This page contains the following options:
Trust client's subnet: Adds the target
device's subnet range to the trusted scope list. Communication
across that subnet range is allowed.
Trusted scopes: Lists all of the trusted
scopes.
Import: Lets you import subnet ranges from managed devices
contained in the core database inventory.
Add: Lets you add a trusted location to the list, by IP address,
IP range, or subnet.
Edit: Lets you modify the selected trusted location.
Delete: Removes the selected trusted location.
About the Connection rules dialog box
Use this page to view, manage, and prioritize connection rules.
Connection rules can allow or prevent connections based on port or
IP range, whether the program is trusted, and whether the
communication is within the trusted network scope.
This page contains the following options:
Connection rules: Lists all of the connection rules, in priority
order.
Move up: Moves the selected connection rule up the list, raising
its priority. A connection rule higher in the list takes precedence
over a rule that is lower in the list.
Move down: Moves the selected connection rule down the list,
lowering its priority.
Reset: Restores the rule order.
Add: Opens a dialog where you can configure a new connection rule.
Edit: Lets you modify the selected connection rule.
Delete: Removes the connection rule from the database.
About the Configure connection rule dialog box
Use this page to configure connection rules.
This page contains the following options:
Name: Identifies the connection rule with a descriptive name.
Ports: Lets you define port restrictions for
the connection rule.
Apply to these local ports: Specifies the
local ports to which the direction and action (selected below) are
applied. For example, if Incoming is selected and Accept is
selected, connections to the local ports specified here are
allowed.
Apply to these remote ports: Specifies the
remote ports to which the direction and action (selected below) are
applied.
Protocol: Specifies the communication protocol
for the selected ports.
IP range: Lets you define IP range
restrictions for the connection rule.
Apply to these remote addresses: Specifies the
remote IP address range to which the direction and action (selected
below) are applied.
Direction: Indicates whether the connection
rule restricts inbound or outbound connections.
Action: Indicates whether the connection rule
allows (accepts) or prevents (drops) connections.
Allow trusted programs to bypass: Lets you
give trusted programs the ability to ignore or bypass this
connection rule.
Only for trusted scope: Limits the trusted
programs' ability to bypass the connection rule only if the
communication is within the trusted network scope.
OK: Saves the options and adds the rule to the list of connection
rules.
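The trusted scope, the per-application permissions, and the ordered connection rules described above combine to decide each connection, and the interaction (rule priority, trusted-program bypass, the "Only for trusted scope" limit) is where misconfigurations hide. The following Python model is an added example written for this page, not LANDesk code. Its evaluation order is an assumption, since the page does not spell out the fallback: the first matching rule in list order wins, a rule with trusted-program bypass is skipped for a trusted program (only inside the trusted scope when so restricted), a connection no rule matches falls through to the application's own four check boxes, and a program that is not in the trusted list is dropped. The class names, the sample scope, applications, and rules are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


class TrustedScope:
    # Trusted scope: single IP addresses, "lo-hi" IP ranges and CIDR subnets.
    def __init__(self, entries=(), client_subnet=None):
        self.networks, self.ranges = [], []
        for entry in (*entries, client_subnet) if client_subnet else entries:  # "Trust client's subnet"
            self.add(entry)

    def add(self, entry: str):
        if "-" in entry:                  # IP range, e.g. "192.168.1.10-192.168.1.20"
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"bad IP range: {entry}")
            self.ranges.append((lo, hi))
        else:                             # single address (/32) or CIDR subnet
            self.networks.append(ipaddress.ip_network(entry, strict=False))

    def contains(self, ip) -> bool:
        ip = ipaddress.ip_address(ip)
        return any(ip in net for net in self.networks) or any(
            lo.version == ip.version and lo <= ip <= hi for lo, hi in self.ranges)


@dataclass
class TrustedApp:                          # Configure trusted application check boxes
    out_scope: bool = False                # connect to the trusted scope (network)
    out_internet: bool = False             # connect outside the trusted scope (Internet)
    in_scope: bool = False                 # receive connections from the trusted scope
    in_internet: bool = False              # receive connections from outside it

    def permits(self, direction: str, remote_in_scope: bool) -> bool:
        if direction == "out":
            return self.out_scope if remote_in_scope else self.out_internet
        return self.in_scope if remote_in_scope else self.in_internet


@dataclass
class Connection:
    app: str                               # path of the program on the device
    direction: str                         # "in" or "out"
    protocol: str                          # "tcp" or "udp"
    local_port: int
    remote_port: int
    remote_ip: str


@dataclass
class ConnRule:                            # one row of the Connection rules list
    name: str
    direction: str                                  # "in" or "out"
    action: str                                     # "accept" or "drop"
    protocol: str = "any"                           # "tcp", "udp" or "any"
    local_ports: set = field(default_factory=set)   # empty = any local port
    remote_ports: set = field(default_factory=set)  # empty = any remote port
    remote_addrs: Optional[TrustedScope] = None     # None = any remote address
    trusted_bypass: bool = False                    # "Allow trusted programs to bypass"
    bypass_only_in_scope: bool = False              # "Only for trusted scope"

    def matches(self, c: Connection) -> bool:
        return (c.direction == self.direction and self.protocol in ("any", c.protocol)
                and (not self.local_ports or c.local_port in self.local_ports)
                and (not self.remote_ports or c.remote_port in self.remote_ports)
                and (self.remote_addrs is None or self.remote_addrs.contains(c.remote_ip)))


def evaluate(c: Connection, rules: list, apps: dict, scope: TrustedScope):
    """Return (action, reason). Assumed semantics: the first matching rule in list
    order wins; a bypass rule is skipped for a trusted program (only inside the
    trusted scope when so restricted); with no matching rule the trusted
    application's own permissions decide, and an unlisted program is dropped."""
    app, in_scope = apps.get(c.app), scope.contains(c.remote_ip)
    for rule in rules:
        if not rule.matches(c):
            continue
        if rule.trusted_bypass and app is not None and (in_scope or not rule.bypass_only_in_scope):
            continue                       # trusted program ignores this rule
        return rule.action, rule.name
    if app is None:
        return "drop", "program not trusted and no rule matched"
    return ("accept" if app.permits(c.direction, in_scope) else "drop"), "trusted application permissions"


# Constructed sample configuration (not from any real deployment).
SCOPE = TrustedScope(["10.0.0.0/8", "192.168.1.10-192.168.1.20"], client_subnet="172.16.5.0/24")
AGENT, BROWSER = r"C:\Program Files\Vendor\agent.exe", r"C:\Program Files\Browser\browser.exe"
APPS = {AGENT: TrustedApp(out_scope=True, in_scope=True),
        BROWSER: TrustedApp(out_scope=True, out_internet=True)}
RULES = [
    ConnRule("Allow RDP from jump hosts", "in", "accept", "tcp", local_ports={3389},
             remote_addrs=TrustedScope(["10.10.10.0/24"])),
    ConnRule("Drop all other inbound RDP", "in", "drop", "tcp", local_ports={3389}),
    ConnRule("Drop outbound SMTP", "out", "drop", "tcp", remote_ports={25},
             trusted_bypass=True, bypass_only_in_scope=True),
]

if __name__ == "__main__":
    for conn in (Connection(AGENT, "in", "tcp", 3389, 50000, "10.10.10.5"),    # rule 1 wins
                 Connection(AGENT, "out", "tcp", 50001, 25, "203.0.113.7")):   # no bypass outside scope
        print(conn.direction, conn.remote_ip, conn.remote_port, evaluate(conn, RULES, APPS, SCOPE))
```

Two things this shows that the option descriptions alone do not. Swapping the two RDP rules (Move down on the first) turns the jump-host connection from accept into drop, which is what rule priority means in practice, so audit the order of any drop rule that has a narrower accept rule above it. And "Allow trusted programs to bypass" on a drop rule means a trusted program is then governed only by its own four check boxes, so the bypass widens what that program may do; in the sample, "Only for trusted scope" confines the agent's SMTP bypass to the trusted network and the same connection to an Internet address is still dropped.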