Hi all, I'm wanting to really lock down on my Windows firewall rules. On endpoints that are running Sophos Endpoint Security & Control 9.5, I have the following rules (it is the same for both inbound & outbound): NAME - SOPHOS - RouterNT ACTION - Allow the connection PROGRAM - %ProgramFiles% (x86)\Sophos\Remote Management System\RouterNT.exe SERVICES - Apply to all programs and services PROTOCOLS & PORTS - Protocol Type - Any SCOPE - Local IP Address - Any IP Address Remote IP Address - Any IP Address ADVANCED PROFILES - Domain I want to harden the rules so what is recommended? Is this rule only needed for outbound and not inbound rules (or vice versa)? Should I specify Local IP Address as the endpoint and the Remote IP Address as the Sophos server? Can I restrict the protocols to TCP on local & remote ports 8192-8194 (or other)? Should I specify the Sophos server in Authorized Computers rather than in the Scope? Many questions and I'm sure more will arise, so thanks in advance to any that reply. :10263

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Firewall Rules

Hi all,

I'm wanting to really lock down on my Windows firewall rules. On endpoints that are running Sophos Endpoint Security & Control 9.5, I have the following rules (it is the same for both inbound & outbound):

NAME - SOPHOS - RouterNT
ACTION - Allow the connection
PROGRAM - %ProgramFiles% (x86)\Sophos\Remote Management System\RouterNT.exe
SERVICES - Apply to all programs and services
PROTOCOLS & PORTS - Protocol Type - Any
SCOPE - Local IP Address - Any IP Address Remote IP Address - Any IP Address
ADVANCED PROFILES - Domain

I want to harden the rules so what is recommended?
Is this rule only needed for outbound and not inbound rules (or vice versa)?
Should I specify Local IP Address as the endpoint and the Remote IP Address as the Sophos server?
Can I restrict the protocols to TCP on local & remote ports 8192-8194 (or other)?
Should I specify the Sophos server in Authorized Computers rather than in the Scope?

Many questions and I'm sure more will arise, so thanks in advance to any that reply.

This thread was automatically locked due to age.

Parents

0 Yabusame over 14 years ago

Hi Azurus,
I've managed to find that list from the knowledgebase too. Was actually wanting to know about restricting the windows firewall rule for RouterNT.exe.
Comments anyone?
:10309
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Yabusame over 14 years ago

Hi Azurus,
I've managed to find that list from the knowledgebase too. Was actually wanting to know about restricting the windows firewall rule for RouterNT.exe.
Comments anyone?
:10309
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data