Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 2898 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client Firewall 3

JohnLee

Hi,

Installed SCF 3.0 on windows 8 pro after a few issues but finally got everything working.

First thoughts of SCF 3.0 are good but the basic configuration setup is hopeless.  It does not even contain internet explorer as an allowed application.  I understand that some deployments do not want this allowable but it would be easier to remove some applications than to set every permission one at a time.

Secondondly, when you view the blocked logs, you cannot assign the application to the allow list drirect from the log, you have to search each application one at a time.  A very slow process indeed.

Finally, are there any templates which can be modified to speed up this process and to assist deployment across a all client standalone systems.

Regards

John

:41053


This thread was automatically locked due to age.
Parents
  • 0

    Hello John,

    firewall (policy) deployment is naturally not as simple and easy as for the other components. There aren't any templates but sets of predefined rules. Have you read the Administrator roll-out guidelines for Sophos firewall? it's not version-specific and lists two methods. If I understand you correctly you're basically following method one - and found that creating rules is not as easy as one would wish.

    Personally I'd use a slightly different approach - IIRC, a previous incarnation of the mentioned article suggested either using Interactive Mode on the client (which lets you create policies on the fly but has three major drawbacks: 1) it works only for connections attempted while a user is already logged on, 2) it might prompt you several times for an application and you could end with more rules than necessary and 3) some applications don't deal as desired with the delay caused by interctive mode) or the monitoring method with a single client (or very few). Thus I'd monitor a client until after the login has completed and use the events to create a "foundation" policy. Then I'd use Interactive mode to add the necessary application rules. Once this is done you can roll out the policy (with Block by default) to a number of clients and make any amendments.

    Christian 

    :41063
Reply
  • 0

    Hello John,

    firewall (policy) deployment is naturally not as simple and easy as for the other components. There aren't any templates but sets of predefined rules. Have you read the Administrator roll-out guidelines for Sophos firewall? it's not version-specific and lists two methods. If I understand you correctly you're basically following method one - and found that creating rules is not as easy as one would wish.

    Personally I'd use a slightly different approach - IIRC, a previous incarnation of the mentioned article suggested either using Interactive Mode on the client (which lets you create policies on the fly but has three major drawbacks: 1) it works only for connections attempted while a user is already logged on, 2) it might prompt you several times for an application and you could end with more rules than necessary and 3) some applications don't deal as desired with the delay caused by interctive mode) or the monitoring method with a single client (or very few). Thus I'd monitor a client until after the login has completed and use the events to create a "foundation" policy. Then I'd use Interactive mode to add the necessary application rules. Once this is done you can roll out the policy (with Block by default) to a number of clients and make any amendments.

    Christian 

    :41063
Children
No Data
Cookie Information Banner