Opapa 2 Posted May 16, 2023

Hello.

I currently have one firewall policy containing the built-in system rules and my custom rules. This works and was okay in the past. Now I want to keep this "basic" firewall policy and append further policies with rules for certain applications.

For example: Every device should get the "basic" firewall policy, but only Skype users shall have an additional policy with the Skype ruleset.

Unfortunately, when I create a second firewall policy and want to append the rules, the rule editor does not know the "zones" and "firewall profiles" I specified in the "basic" firewall rule.

Can you please give me a hint to solve this?

Thank you and regards,
Bastian

Administrators Marcos 5,453 Posted May 16, 2023

Both zones and firewall profiles can be set up to be appended to the already existing ones on clients:

Opapa 2 Author Posted May 22, 2023

Hello Marcos,

thank you for your response. I understand that you can append further profiles, zones and rules in the following policies. Please have a look at this example:

- I created two firewall policies.
- The first policy (Firewall – 10_BASIC) contains two firewall profiles (UNTRUSTED, INTERNAL), zones (Trusted Zone, IT-Administration-Zone) and a basic firewall ruleset. This policy is applied on all machines and replaces all prior settings (therefore set to replace).
- The second policy (Firewall – 1001_Skype) does not contain additional firewall profiles or additional zones. It shall inherit firewall profiles and zones from the first policy and only adds two firewall rules. This policy is applied on all machines where Skype is allowed. It shall allow the usage of Skype only from trusted networks (Firewall profile: INTERNAL).
- Unfortunately and probably “by design” the rule editor in the second policy does not show/know the firewall profiles and zones defined in the first policy (Firewall – 10_BASIC). I can only select “Any profile” in the rule and the IT-Administration-Zone is not available.

Do you have an idea how this is solved?

Thanks again!

Opapa 2 Author Posted June 2, 2023

Hello Marcos, hello community...

Can you please have a look at the scenario above and give me a hint how this can be managed in ESET PROTECT?

Thanks again!

Administrators Marcos 5,453 Posted June 2, 2023

Currently cross references are not supported in policies, i.e. you cannot refer to a particular zone defined in a different policy. Zones and rules must be configured in the same policy. A zone is identified by an internal ID, not by name. Neither the policy editor nor advanced setup allows for viewing or setting this internal ID.

Nevertheless, I'll make a note of this requirement for consideration in future versions.

P_EESW-10277