Endpoint Protection Small Business Edition


Configuring an Endpoint Protection Firewall rule 

Feb 12, 2014 11:03 AM

This video demonstrates how Smart Firewall works and how to configure outbound and inbound rules, protocols & ports, and blocking rules.  


*************************************************************************************************************

SCRIPT:

Welcome to this program on "Configuring an Endpoint Protection Firewall Rule."

In this video you'll learn some of the basics of the Endpoint Protection Smart Firewall:

·        How to allow an outbound connection

·        How to allow an inbound connection

·        How to specify protocols and ports

·        Important considerations when blocking a connection

·        ...and things to consider when adding firewall rules

The Endpoint Protection Smart Firewall is part of a layered approach to protecting an endpoint.

The firewall runs only on desktop and laptop computers. It is not installed on servers that also run Endpoint Protection.

The Smart Firewall knows the rules of the protocols and the state of each connection,

...and uses Program Control to block or allow programs access to the network based on your policy.

Smart Firewall allows endpoints to initiate connections unless there are rules blocking or restricting the protocol...

It also allows programs network access unless the program is blocked by your Program Control configuration.

Because Smart Firewall knows the rules governing protocols, when a protected endpoint sends a request to another computer, Smart Firewall expects a response that meets the rules of the protocol being used.

This means that when creating a rule, it is not necessary to create a rule allowing the response. However, just because you have a rule allowing an outbound connection does not mean that your destination computer has a rule allowing an inbound connection.

The ICMP rules in the default rule set are a good example of this situation.

Allowing inbound connections requires more care, even though Smart Firewall has many layers of protection to maintain the defense.

Allowing an inbound connection from any computer is risky.

The more specific the inbound rule is with regard to which computers have permission for an inbound connection, the safer the rule is.

As with specifying computers allowed to make either an inbound or an outbound connection, the more specific a firewall rule is with regard to the allowed protocol and port used, the less risky the rule.

When creating an outbound connection to a well-known service or connecting to a custom internal application, you must know the transport protocol used by the service and its service port number.

...unless the protocol designates specific client ports, only the remote port number is required.

When allowing an inbound connection on an endpoint offering a service, specifying the exact service port number used is very important.

Each unnecessary port made available for an inbound connection...exposes the endpoint to undue risk.

A common example of allowing an inbound connection is for remote desktop connections between computers rather than with a server.

This rule allows any computer using it to accept Remote Desktop Connection requests on port 3389 from other computers on the subnet.

While allowing connections can open up holes in your firewall defenses, blocking connections can prevent necessary communications.

The only difference in configuring a blocking rule rather than an allow rule is in this Add Rule drop-down; all of the other configuration choices remain the same.

Blocking a service like DNS or DHCP has serious consequences if the rule is deployed without testing.

An administrator would never intentionally create such a rule. Unfortunately, mistakes happen. Pre-deployment testing usually catches mistakes.

Always thoroughly test your rules before deploying them to the endpoints on your production network.

You must also guard against preventing the Symantec.cloud Agent from communicating with the cloud systems. The list of vital URLs is found in the online Help topic "Internet access requirements."

Simplicity is the key to a secure firewall: only use rules that are absolutely necessary. This makes the firewall faster and reduces the chance of error when the firewall policy is revisited at a later date.

In this video, you learned some of the basics of the Endpoint Protection Smart Firewall:

·        How to allow an outbound connection

·        How to allow an inbound connection

·        How to specify protocols and ports

·        Important considerations when blocking a connection

·        ...and things to consider when adding firewall rules

This concludes the video, "Configuring an Endpoint Protection Firewall Rule."

Thanks for watching!
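The considerations in the script (inbound rules limited to specific computers and one service port, and no accidental block of DNS or DHCP) can be checked before deployment. The following is an added example, not part of the original video or of Endpoint Protection; the `Rule` model, the rule names and the 192.168.10.0/24 subnet are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:  # hypothetical model, not the Endpoint Protection policy format
    name: str
    action: str      # "allow" or "block"
    direction: str   # "inbound" or "outbound"
    protocol: str    # "tcp", "udp" or "any"
    ports: tuple     # (low, high), inclusive
    remote: str      # remote computers as CIDR; "0.0.0.0/0" means any

# Services the script warns against blocking by mistake.
VITAL = {("udp", 53): "DNS", ("tcp", 53): "DNS", ("udp", 67): "DHCP", ("udp", 68): "DHCP"}

def review(rule):
    """Return the findings for one rule; an empty list means nothing to flag."""
    findings = []
    low, high = rule.ports
    if rule.action == "allow" and rule.direction == "inbound":
        if ipaddress.ip_network(rule.remote).prefixlen == 0:
            findings.append("inbound allow from any computer")
        if rule.protocol == "any":
            findings.append("inbound allow without a specific protocol")
        if high > low:
            findings.append(f"inbound allow exposes {high - low + 1} ports")
    if rule.action == "block":
        for (proto, port), service in VITAL.items():
            if rule.protocol in (proto, "any") and low <= port <= high:
                findings.append(f"blocks {service} ({proto}/{port})")
    return findings

def review_all(rules):
    """Map rule name -> findings, keeping only the rules that were flagged."""
    return {r.name: f for r in rules if (f := review(r))}

# Constructed sample rule set.
SAMPLE = [
    Rule("rdp-subnet", "allow", "inbound", "tcp", (3389, 3389), "192.168.10.0/24"),
    Rule("rdp-any", "allow", "inbound", "tcp", (3389, 3389), "0.0.0.0/0"),
    Rule("high-ports", "allow", "inbound", "any", (1024, 65535), "192.168.10.0/24"),
    Rule("no-dns", "block", "outbound", "udp", (53, 53), "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```

Only the subnet-scoped Remote Desktop rule on port 3389 passes without findings; the other three rules are flagged for review before they reach production endpoints.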
