Opapa, posted May 16

Hello.

I currently have one firewall policy containing the built-in system rules and my custom rules. This works and was okay in the past.

Now I want to keep this "basic" firewall policy and append further policies with rules for certain applications. For example: Every device should get the "basic" firewall policy, but only Skype users shall have an additional policy with the Skype ruleset.

Unfortunately, when I create a second firewall policy and want to append the rules, the rule editor does not know the "zones" and "firewall profiles" I specified in the "basic" firewall rule.

Can you please give me a hint to solve this?

Thank you and regards,
Bastian

Marcos (Administrators), posted May 16

Both zones and firewall profiles can be set up to be appended to the already existing ones on clients:

Opapa (Author), posted May 22

Hello Marcos,

thank you for your response. I understand that you can append further profiles, zones and rules in the following policies.

Please have a look at this example:

- I created two firewall policies.
- The first policy (Firewall – 10_BASIC) contains two firewall profiles (UNTRUSTED, INTERNAL), zones (Trusted Zone, IT-Administration-Zone) and a basic firewall ruleset. This policy is applied on all machines and replaces all prior settings (therefore set to replace).
- The second policy (Firewall – 1001_Skype) does not contain additional firewall profiles or additional zones. It shall inherit firewall profiles and zones from the first policy and only adds two firewall rules. This policy is applied on all machines where Skype is allowed. It shall allow the usage of Skype only from trusted networks (Firewall profile: INTERNAL).
- Unfortunately and probably “by design” the rule editor in the second policy does not show/know the firewall profiles and zones defined in the first policy (Firewall – 10_BASIC). I can only select “Any profile” in the rule and the IT-Administration-Zone is not available.

Do you have an idea how this is solved?

Thanks again!

Opapa (Author), posted 11 hours ago

Hello Marcos, hello community...

Can you please have a look at the scenario above and give me a hint how this can be managed in ESET PROTECT?

Thanks again!

Marcos (Administrators), posted 8 hours ago

Currently cross references are not supported in policies, i.e. you cannot refer to a particular zone defined in a different policy. Zones and rules must be configured in the same policy. A zone is identified by an internal ID, not by name. Neither the policy editor nor advanced setup allows for viewing or setting this internal ID.

Nevertheless, I'll make a note of this requirement for consideration in future versions.

P_EESW-10277