Effect of Custom Policy on Firewall settings at client


Endpoint 8.1 Firewall was blocking RDP requests on too many local PCs, so a single custom Policy with a single entry for RDP was added via ESET Protect and associated to the group with all the Windows installs of Endpoint 8.1. After that, no PC in that group would allow local unblocks ["unblocking error"] of any other port or service, which became another problem for wireless Remote displays. Is this correct behaviour? Does a single custom policy disable all other port unblocking features at the client end? Is there a better way around this? If the Endpoint firewall is disabled as a workaround, is the Windows Firewall still active, or has Endpoint assumed ALL control of firewall protection?


  • Administrators

If you want firewall rules set by a policy to take precedence over local rules set up locally by users, select "Prepend" as shown below:

image.png

RDP is allowed in the Trusted zone by default. An alternate solution would be to set up the trusted zone properly.


How do you configure the Trusted Zone? Our endpoint clients should be in the Trusted Zone when they're in the Domain network, but I can't find a way to set it up.

Thanks


I know how to set up the Trusted Zone, but do I configure it at the default policy firewall settings via the management console and assign it to the Windows group, or do I configure it at the client end for each PC? If I edit the default Windows computer policy to change the trusted zone, and apply it, again will all the PCs lose the ability to add local unblocks?

I'm still not clear on whether policies are being applied from the management console by default or not. Obviously out of the box many of my users, including myself, had RDP blocked by default after upgrading from v7 to v8, so it was not open by default.

If I enable ANY policy at the management console, will it block ALL the clients from adding local blocks for ports?

 


  • Administrators

By default no policies are applied to clients.

Some settings that contain a list of items can be applied in 3 ways: replace, append, prepend.

While replace will lock particular settings (lists), append will append the policy to local settings (i.e. make local user settings supersede the policy) and likewise prepend will make the policy supersede the local user settings (lists).

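The three list modes described in the reply above, as a simplified model added here (not ESET code and not part of the original thread). It assumes the first matching rule wins and unmatched traffic is blocked; the rule names and port 50000 are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    port: int
    action: str   # "allow" or "block"
    origin: str   # "policy" (from the console) or "local" (added on the client)

def merge(policy_rules, local_rules, mode):
    """Return (effective_rules, locally_editable) for one list-type setting."""
    if mode == "replace":
        # Only the policy list remains and the setting is locked on the client.
        return list(policy_rules), False
    if mode == "append":
        # Policy entries go after local ones, so local entries supersede them.
        return list(local_rules) + list(policy_rules), True
    if mode == "prepend":
        # Policy entries go first, so they supersede local entries.
        return list(policy_rules) + list(local_rules), True
    raise ValueError(f"unknown mode: {mode}")

def decide(rules, port, default="block"):
    """Assumption of this model: first matching rule wins, otherwise default."""
    for rule in rules:
        if rule.port == port:
            return rule.action, rule.origin
    return default, "default"

# Constructed sample data: one policy rule for RDP, two rules added by a user.
POLICY = [Rule("Allow RDP", 3389, "allow", "policy")]
LOCAL = [Rule("Block RDP (user)", 3389, "block", "local"),
         Rule("Allow wireless display (sample port)", 50000, "allow", "local")]

def summarize():
    """Outcome for RDP and the display port under each mode."""
    out = {}
    for mode in ("replace", "append", "prepend"):
        rules, editable = merge(POLICY, LOCAL, mode)
        out[mode] = {"rdp": decide(rules, 3389),
                     "display": decide(rules, 50000),
                     "local_editable": editable}
    return out

if __name__ == "__main__":
    for mode, result in summarize().items():
        print(mode, result)
```

In this model, "replace" reproduces the symptom from the first post: RDP is allowed by the policy, but the locally added display rule is gone and no new local rule can be added.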
This topic is now closed to further replies.