The firewall exception template contains policy exceptions that you can configure to allow or block different kinds of network traffic based on the Security Agent endpoint's port number(s) and IP address(es). After creating a policy exception, edit the policies to which the policy exception applies.

Decide which type of policy exception you want to use. There are two types:

  • Restrictive

    Blocks only specified types of network traffic and applies to policies that allow all network traffic. An example use of a restrictive policy exception is to block Security Agent ports vulnerable to attack, such as ports that Trojans often use.

  • Permissive

    Allows only specified types of network traffic and applies to policies that block all network traffic. For example, you may want to permit Security Agents to access only the Apex One server and a web server. To do this, allow traffic from the trusted port (the port used to communicate with the Apex One server) and the port the Security Agent uses for HTTP communication.

    Security Agent listening port: Agents > Agent Management > Status. The port number is under Basic Information.

    Server listening port: Administration > Settings > Agent Connection. The port number is under Agent Connection Settings.

Apex One comes with a set of default firewall policy exceptions, which you can modify or delete.

Table 1. Default Firewall Policy Exceptions

Exception Name   Action   Protocol   Port                  Direction
DNS              Allow    TCP/UDP    53                    Incoming and outgoing
NetBIOS          Allow    TCP/UDP    137, 138, 139, 445    Incoming and outgoing
HTTPS            Allow    TCP        443                   Incoming and outgoing
HTTP             Allow    TCP        80                    Incoming and outgoing
Telnet           Allow    TCP        23                    Incoming and outgoing
SMTP             Allow    TCP        25                    Incoming and outgoing
FTP              Allow    TCP        21                    Incoming and outgoing
POP3             Allow    TCP        110                   Incoming and outgoing
LDAP             Allow    TCP/UDP    389                   Incoming and outgoing

Note:

Default exceptions apply to all agents. If you want a default exception to apply only to certain agents, edit the exception and specify the IP addresses of the agents.

The LDAP exception is not available if you upgrade from a previous Apex One version. Manually add this exception if you do not see it on the exception list.
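The following Python model is an added example, not Trend Micro's code, and is only meant to make the behaviour described above concrete: it encodes the Table 1 default exceptions, shows a permissive exception set on a block-all policy and a restrictive set on an allow-all policy, applies the agent-IP scoping from the Note, and flags exceptions whose action equals the policy default (a restrictive exception on a block-all policy, or a permissive one on an allow-all policy) as ineffective. First-match evaluation order, the agent-IP network syntax, and the server listening port value 8080 are assumptions made for the example; the real port is read from Administration > Settings > Agent Connection.

```python
"""Model of firewall policy exceptions as described on the page (added
example, not Trend Micro's code). First-match ordering, the agent-IP
scoping syntax and the sample port values are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class PolicyException:
    name: str
    action: str                    # "allow" or "block"
    protocol: str                  # "TCP", "UDP" or "TCP/UDP", as written in Table 1
    ports: str                     # "53" or "137, 138, 139, 445", as written in Table 1
    direction: str                 # "incoming", "outgoing" or "incoming and outgoing"
    agent_ips: Tuple[str, ...] = ()   # () = applies to all agents (see Note)

    def matches(self, proto: str, port: int, direction: str, agent_ip: str) -> bool:
        """True when a packet seen at an agent falls under this exception."""
        if proto.upper() not in self.protocol.upper().split("/"):
            return False
        if port not in {int(p) for p in self.ports.split(",")}:
            return False
        if direction.lower() not in self.direction.lower():
            return False
        # Per the Note: an exception with no IP list applies to every agent;
        # otherwise only agents inside one of the listed networks are affected.
        if self.agent_ips and not any(
                ip_address(agent_ip) in ip_network(net, strict=False)
                for net in self.agent_ips):
            return False
        return True


# Table 1 from the page: the default exceptions that ship with Apex One.
DEFAULT_EXCEPTIONS: List[PolicyException] = [
    PolicyException("DNS",     "allow", "TCP/UDP", "53",                 "incoming and outgoing"),
    PolicyException("NetBIOS", "allow", "TCP/UDP", "137, 138, 139, 445", "incoming and outgoing"),
    PolicyException("HTTPS",   "allow", "TCP",     "443",                "incoming and outgoing"),
    PolicyException("HTTP",    "allow", "TCP",     "80",                 "incoming and outgoing"),
    PolicyException("Telnet",  "allow", "TCP",     "23",                 "incoming and outgoing"),
    PolicyException("SMTP",    "allow", "TCP",     "25",                 "incoming and outgoing"),
    PolicyException("FTP",     "allow", "TCP",     "21",                 "incoming and outgoing"),
    PolicyException("POP3",    "allow", "TCP",     "110",                "incoming and outgoing"),
    PolicyException("LDAP",    "allow", "TCP/UDP", "389",                "incoming and outgoing"),
]

# Constructed placeholder for the server listening port; the real value is
# shown under Administration > Settings > Agent Connection.
SERVER_LISTENING_PORT = 8080

# Permissive set: pairs with a block-all policy and lets agents reach only
# the Apex One server and a web server (the page's own example).
PERMISSIVE: List[PolicyException] = [
    PolicyException("Apex One server", "allow", "TCP", str(SERVER_LISTENING_PORT), "incoming and outgoing"),
    PolicyException("Web server",      "allow", "TCP", "80",                        "outgoing"),
]

# Restrictive set: pairs with an allow-all policy and blocks one cleartext
# service, scoped to a constructed agent subnet as the Note describes.
RESTRICTIVE: List[PolicyException] = [
    PolicyException("Block Telnet", "block", "TCP", "23", "incoming and outgoing", ("10.0.0.0/24",)),
]


def evaluate(policy_default: str, exceptions: List[PolicyException],
             proto: str, port: int, direction: str, agent_ip: str) -> Tuple[str, str]:
    """Return (action, reason). The first matching exception wins (assumed
    order); otherwise the policy's own default (allow-all / block-all) applies."""
    for exc in exceptions:
        if exc.matches(proto, port, direction, agent_ip):
            return exc.action, exc.name
    return policy_default, "policy default"


def ineffective_exceptions(policy_default: str, exceptions: List[PolicyException]) -> List[str]:
    """Names of exceptions whose action equals the policy default. They never
    change the verdict, which usually means the wrong exception type was
    attached to the policy (restrictive belongs on allow-all, permissive on block-all)."""
    return [e.name for e in exceptions if e.action == policy_default]


if __name__ == "__main__":
    agent = "10.0.0.5"  # constructed agent address
    print(evaluate("block", PERMISSIVE, "TCP", 80, "outgoing", agent))     # ('allow', 'Web server')
    print(evaluate("block", PERMISSIVE, "TCP", 443, "outgoing", agent))    # ('block', 'policy default')
    print(evaluate("allow", RESTRICTIVE, "TCP", 23, "incoming", agent))    # ('block', 'Block Telnet')
    print(evaluate("allow", RESTRICTIVE, "TCP", 23, "incoming", "192.168.1.5"))  # out of scope: allowed
    print(evaluate("block", DEFAULT_EXCEPTIONS, "UDP", 53, "outgoing", agent))   # ('allow', 'DNS')
    print(ineffective_exceptions("block", RESTRICTIVE))                    # ['Block Telnet']
```

The `ineffective_exceptions` check is the one to run before editing the policies an exception applies to: a block exception attached to a block-all policy, or an allow exception attached to an allow-all policy, leaves the traffic verdict unchanged, so the edit achieves nothing. Note that HTTPS in Table 1 is TCP only, so a UDP packet to port 443 falls through to the policy default.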