Firewall Manager task settings

This section provides information about the settings that you can specify for the Firewall Manager task.

All available values and default values for each setting are described.

DefaultIncomingAction

The default action to perform on an inbound connection if no network rules can be applied to this kind of the connection.

Available values:

Allow—Allow inbound connection

Block—Block inbound connection

Default value: Allow

DefaultIncomingPacketAction

The default action to perform on an incoming packet if no network packet rules can be applied to this kind of the connection.

Available values:

Allow—Allow incoming packet

Block—Block incoming packet

Default value: Allow

Section [PacketRules.item_xxxx]

The [PacketRules.item_#] sections specify network packet rules for the Firewall Manager task.

You can define several [PacketRules.item_#] sections in a configuration file in any order. Kaspersky Endpoint Security will process scopes by an item index, in ascending order.

Each [PacketRules.item_#] section contains the following settings:

Name

A network packet rule name.

Default value: Network rule #<n>; where, n is an index.

FirewallAction

Action to be performed on connections specified in this network packet rule.

Available values:

Allow—Allow network connection

Block—Block network connection

Default value: Allow

Protocol

Type of protocol for which network activity is to be monitored.

Available values:

Any—The Firewall Manager monitors all network activity

TCP

UDP

ICMP

ICMPv6

IGMP

GRE

Default value: Any

RemotePorts

Port numbers of the remote computers between which the connection is to be monitored.

This setting can be specified only if the Protocol setting value was set to TCP or UDP.

Integer or interval can be specified for this setting.

Available values:

Any—All remote ports are monitored

0-65535

Default value: Any

LocalPorts

Port numbers of the local computers between which the connection is to be monitored.

This setting can be specified only if the Protocol setting value was set to TCP or UDP.

Integer or interval can be specified for this setting.

Available values:

Any—All local ports are monitored

0-65535

Default value: Any

ICMPType

ICMP packet type.

This setting can be specified only if the Protocol setting value was set to ICMP or ICMPv6.

Available values:

Any—All ICMP packet types are monitored

Integer according to a data transfer protocol specification

Default value: Any

ICMPCode

ICMP packet code.

This setting can be specified only if the Protocol setting value was set to ICMP or ICMPv6.

Available values:

Any—All ICMP packet codes are monitored

Integer according to a data transfer protocol specification

Default value: Any

Direction

Direction of the monitored network activity.

Available values:

IncomingOutgoing—Monitor both inbound and outbound connections

Incoming—Monitor inbound connections

Outgoing—Monitor outbound connections

IncomingPacket—Monitor incoming packets

OutgoingPacket—Monitor outgoing packets

IncomingOutgoingPacket—Monitor both incoming and outgoing connections

Default value: IncomingOutgoing

RemoteAddress

The network addresses of remote computers that can send and / or receive network packets.

Available values:

Any—Monitor network packets sent and/or received by remote computers with any IP address

Trusted—All Trusted networks

Local—All Local networks

Public—All Public networks

d.d.d.d—IPv4 address; where, d is a decimal number 0-255

d.d.d.d/p—Subnet of IPv4 addresses; where, p is a number 0-32

x:x:x:x:x:x:x:x—IPv6 address; where, x is a hexadecimal number 0-ffffff

x:x:x:x::0/p—Subnet of IPv6 addresses; where, p is a number 0-64

Default value: Any

LocalAddress

Network addresses of computers that have Kaspersky Endpoint Security installed and can send and / or receive network packets.

Available values:

Any—Monitor network packets sent and/or received by remote computers with any IP address

d.d.d.d—IPv4 address; where, d is a decimal number 0-255

d.d.d.d/p—Subnet of IPv4 addresses; where, p is a number 0-32

x:x:x:x:x:x:x:x—IPv6 address; where, x is a hexadecimal number 0-ffffff

x:x:x:x::0/p—Subnet of IPv6 addresses; where, p is a number 0-64

Default value: Any

LogAttempts

Specify whether you want the actions of the network rule to be included in the report.

Available values:

Yes—Report actions

No—Do not report actions

Default value: No

Section [NetworkZonesPublic]

The [NetworkZonesPublic] section specifies network addresses associated with Public networks.

You can specify several IP addresses or subnets of IP addresses.

Address.item_xxxx

Available values:

d.d.d.d—IPv4 address; where, d is a decimal number 0-255

d.d.d.d/p—Subnet of IPv4 addresses; where, p is a number 0-32

x:x:x:x:x:x:x:x—IPv6 address; where, x is a hexadecimal number 0-ffffff

x:x:x:x::0/p—Subnet of IPv6 addresses; where, p is a number 0-64

Default value: “” (no network addresses in this zone)

Section [NetworkZonesLocal]

The [NetworkZonesLocal] section specifies network addresses associated with Local networks.

You can specify several IP addresses or subnets of IP addresses.

Address.item_xxxx

Available values:

d.d.d.d—IPv4 address; where, d is a decimal number 0-255

d.d.d.d/p—Subnet of IPv4 addresses; where, p is a number 0-32

x:x:x:x:x:x:x:x—IPv6 address; where, x is a hexadecimal number 0-ffffff

x:x:x:x::0/p—Subnet of IPv6 addresses; where, p is a number 0-64

Default value: “” (no network addresses in this zone)

Section [NetworkZonesTrusted]

The [NetworkZonesTrusted] section specifies network addresses associated with Trusted networks.

You can specify several IP addresses or subnets of IP addresses.

Address.item_xxxx

Available values:

d.d.d.d—IPv4 address; where, d is a decimal number 0-255

d.d.d.d/p—Subnet of IPv4 addresses; where, p is a number 0-32

x:x:x:x:x:x:x:x—IPv6 address; where, x is a hexadecimal number 0-ffffff

x:x:x:x::0/p—Subnet of IPv6 addresses; where, p is a number 0-64

Default value: “” (no network addresses in this zone)

Page top