Firewall rules are sets of conditions against which every network connection is tested, together with the actions assigned to those conditions. You may need to edit or add Firewall rules when network settings change (for example, when the network address or port number of the remote side changes) so that an application affected by a rule continues to work correctly. Custom Firewall rules should be created by an experienced user.
To add or edit a Firewall rule, open Advanced setup > Protections > Network access protection > Firewall > Rules > Edit. In the Firewall rules window, click Add or Edit.
Name—Type a name for the rule.
Enabled—Click the toggle to make the rule active.
Add actions and conditions for the Firewall rule:
Action
Action—Select whether to Allow or Block communication that matches the conditions defined in this rule, or to have ESET Small Business Security Ask every time the communication is established.
Log rule—If the rule is applied, it will be recorded in Log files.
Logging severity—Select the severity of the log record for this rule.
Notify user—Displays a notification when the rule is applied.
Application
Specify an application where this rule will be applied.
Application path—Click ... and navigate to an application or type the application's full path (for example C:\Program Files\Firefox\Firefox.exe). Do NOT type the name of the application alone.
Application signature—You can apply the rule to applications based on their signatures (publisher's name). Select from the drop-down menu if you want to apply the rule to applications with Any valid signature or to applications Signed by a specific signer. If you select applications Signed by a specific signer, you must define the signer in the Name of signer field.
Microsoft Store application—Select an application installed from the Microsoft Store in the drop-down menu.
Service—You can select a system service instead of an application. Open the drop-down menu to select a service.
Apply to child processes—Some applications run several processes even though you see only one application window. Click the toggle to enable the rule for every process in the specified application.
Direction
Select the Direction of communication for this rule:
•Both—Inbound and outbound communication
•In—Inbound communication only
•Out—Outbound communication only
IP protocol
Select a Protocol from the drop-down menu if you only want this rule to apply to a specific protocol.
Local host
Local addresses, address range or subnet where this rule is applied. If there is no address specified, the rule will apply to all communication with local hosts. You can add IP addresses, address ranges or subnets directly into the IP text field or select from existing IP sets by clicking Edit next to IP sets.
Local port
Local Port number(s). If no numbers are supplied, the rule will apply to any port. You can add a single communication port or a range of communication ports.
Remote host
Remote address, address range or subnet where this rule is applied. If no address is specified, the rule will apply to all communication with remote hosts. You can add IP addresses, address ranges or subnets directly into the IP text field or select from existing IP sets by clicking Edit next to IP sets.
Remote port
Remote Port number(s). If no numbers are supplied, the rule will apply to any port. You can add a single communication port or a range of communication ports.
Profile
A Firewall rule can be applied to specific Network connection profiles.
Any—The rule will be applied to any network connection, regardless of the profile in use.
Selected—The rule will be applied to a specific network connection based on the selected profile. Select the check box next to each profile you want the rule to apply to.
In this example, we create a new rule to allow the Firefox web browser application to access websites on the internet or the local network:
1. In the Action section, select Action > Allow.
2. In the Application section, specify the Application path of the web browser (for example C:\Program Files\Firefox\Firefox.exe). Do NOT type the name of the application alone.
3. In the Direction section, select Direction > Out.
4. In the IP protocol section, select TCP & UDP from the Protocol drop-down menu.
5. In the Remote port section, add Port numbers: 80,443 to allow standard browsing.
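
The rule from steps 1 to 5, expressed as a small matching model to show which connections it covers. This is an added illustration, not ESET's implementation: the Rule and Conn types, the comma and hyphen list syntax, and the case-insensitive path comparison are assumptions, and the sample connections are constructed.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

@dataclass
class Rule:
    action: str                # "Allow", "Block" or "Ask"
    app_path: str = ""         # full path; empty = any application
    direction: str = "Both"    # "In", "Out" or "Both"
    protocols: tuple = ()      # e.g. ("TCP", "UDP"); empty = any protocol
    remote_hosts: str = ""     # addresses, a-b ranges, subnets; empty = any
    remote_ports: str = ""     # "80,443" or "8000-8100"; empty = any
Conn = namedtuple("Conn", "app direction protocol remote_host remote_port")

def port_matches(spec, port):
    """Empty spec = any port; else a listed port or lo-hi range must match."""
    parts = [p.strip().partition("-") for p in spec.split(",") if p.strip()]
    return not parts or any(int(lo) <= port <= int(hi or lo) for lo, _, hi in parts)

def host_matches(spec, addr):
    """Empty spec = any host; else an address, a-b range or subnet must match."""
    ip, parts = ipaddress.ip_address(addr), [p.strip() for p in spec.split(",") if p.strip()]
    for part in parts:
        if "-" in part:
            lo, hi = (ipaddress.ip_address(x.strip()) for x in part.split("-"))
            if lo.version == ip.version and lo <= ip <= hi:
                return True
        elif ip in ipaddress.ip_network(part, strict=False):
            return True
    return not parts

def rule_matches(rule, conn):  # every condition set on the rule must match
    return ((not rule.app_path or rule.app_path.lower() == conn.app.lower())
            and rule.direction in ("Both", conn.direction)
            and (not rule.protocols or conn.protocol in rule.protocols)
            and host_matches(rule.remote_hosts, conn.remote_host)
            and port_matches(rule.remote_ports, conn.remote_port))

FIREFOX = r"C:\Program Files\Firefox\Firefox.exe"
FIREFOX_RULE = Rule("Allow", FIREFOX, "Out", ("TCP", "UDP"), "", "80,443")
SAMPLES = [  # constructed connections, not captured traffic
    Conn(FIREFOX, "Out", "TCP", "203.0.113.10", 443),    # matches the rule
    Conn(FIREFOX, "Out", "TCP", "203.0.113.10", 8080),   # port not listed
    Conn(r"C:\Users\Public\Firefox.exe", "Out", "TCP", "203.0.113.10", 443),
    Conn(FIREFOX, "In", "TCP", "203.0.113.10", 443),     # wrong direction
]

def evaluate():  # None = this rule does not apply to the connection
    return [FIREFOX_RULE.action if rule_matches(FIREFOX_RULE, c) else None for c in SAMPLES]
```

The third sample shows why the rule is bound to the full application path: a binary with the same file name in another directory is not covered by it.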