Using multiple firewall policies


Opapa

Hello.

I currently have one firewall policy containing the built-in system rules and my custom rules. This works and was okay in the past.

Now I want to keep this "basic" firewall policy and append further policies with rules for certain applications.

For example:

Every device should get the "basic" firewall policy, but only Skype users shall have an additional policy with the Skype ruleset.

Unfortunately, when I create a second firewall policy and want to append the rules, the rule editor does not know the "zones" and "firewall profiles" I specified in the "basic" firewall rule.

Can you please give me a hint to solve this?

Thank you and regards,

Bastian


  • Administrators

Both zones and firewall profiles can be set up to be appended to the already existing ones on clients:

image.png


Hello Marcos,

Thank you for your response.

I understand that you can append further profiles, zones and rules in the following policies.

Please have a look at this example:

- I created two firewall policies.

image.png

- The first policy (Firewall – 10_BASIC) contains two firewall profiles (UNTRUSTED, INTERNAL), zones (Trusted Zone, IT-Administration-Zone) and a basic firewall ruleset. This policy is applied on all machines and replaces all prior settings (therefore set to replace).

- The second policy (Firewall – 1001_Skype) does not contain additional firewall profiles or additional zones. It shall inherit firewall profiles and zones from the first policy and only adds two firewall rules. This policy is applied on all machines where Skype is allowed. It shall allow the usage of Skype only from trusted networks (Firewall profile: INTERNAL).

image.png

- Unfortunately, and probably “by design”, the rule editor in the second policy does not show/know the firewall profiles and zones defined in the first policy (Firewall – 10_BASIC). I can only select “Any profile” in the rule and the IT-Administration-Zone is not available.

image.png

Do you have an idea how this is solved?

Thanks again!


  • 2 weeks later...

Hello Marcos,

hello community...

Can you please have a look at the scenario above and give me a hint how this can be managed in ESET PROTECT?

Thanks again!


  • Administrators

Currently, cross-references are not supported in policies, i.e. you cannot refer to a particular zone defined in a different policy. Zones and rules must be configured in the same policy.
A zone is identified by an internal ID, not by name. Neither the policy editor nor advanced setup allows for viewing or setting this internal ID. Nevertheless, I'll make a note of this requirement for consideration in future versions.

P_EESW-10277


This topic is now closed to further replies.