Editing the Firewall Exception Template

The firewall exception template contains policy exceptions that you can configure to allow or block different kinds of network traffic based on the Security Agent endpoint's port number(s) and IP address(es). After creating a policy exception, edit the policies to which the policy exception applies.

Decide which type of policy exception you want to use. There are two types:

• Restrictive

  Blocks only specified types of network traffic and applies to policies that allow all network traffic. An example use of a restrictive policy exception is to block Security Agent ports vulnerable to attack, such as ports that Trojans often use.

• Permissive

  Allows only specified types of network traffic and applies to policies that block all network traffic. For example, you may want to permit Security Agents to access only the Apex One server and a web server. To do this, allow traffic from the trusted port (the port used to communicate with the Apex One server) and the port the Security Agent uses for HTTP communication.

  Security Agent listening port: Agents > Agent Management > Status. The port number is under Basic Information.

  Server listening port: Administration > Settings > Agent Connection. The port number is under Agent Connection Settings.

  Apex One comes with a set of default firewall policy exceptions, which you can modify or delete.

  Table 1. Default Firewall Policy Exceptions

  Exception Name	Action	Protocol	Port	Direction
  DNS	Allow	TCP/UDP	53	Incoming and outgoing
  NetBIOS	Allow	TCP/UDP	137, 138, 139, 445	Incoming and outgoing
  HTTPS	Allow	TCP	443	Incoming and outgoing
  HTTP	Allow	TCP	80	Incoming and outgoing
  Telnet	Allow	TCP	23	Incoming and outgoing
  SMTP	Allow	TCP	25	Incoming and outgoing
  FTP	Allow	TCP	21	Incoming and outgoing
  POP3	Allow	TCP	110	Incoming and outgoing
  LDAP	Allow	TCP/UDP	389	Incoming and outgoing