Hi all, I'm wanting to really lock down on my Windows firewall rules. On endpoints that are running Sophos Endpoint Security & Control 9.5, I have the following rules (it is the same for both inbound & outbound): NAME - SOPHOS - RouterNT ACTION - Allow the connection PROGRAM - %ProgramFiles% (x86)\Sophos\Remote Management System\RouterNT.exe SERVICES - Apply to all programs and services PROTOCOLS & PORTS - Protocol Type - Any SCOPE - Local IP Address - Any IP Address Remote IP Address - Any IP Address ADVANCED PROFILES - Domain I want to harden the rules so what is recommended? Is this rule only needed for outbound and not inbound rules (or vice versa)? Should I specify Local IP Address as the endpoint and the Remote IP Address as the Sophos server? Can I restrict the protocols to TCP on local & remote ports 8192-8194 (or other)? Should I specify the Sophos server in Authorized Computers rather than in the Scope? Many questions and I'm sure more will arise, so thanks in advance to any that reply. :10263

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows Firewall Rules

Hi all,

I'm wanting to really lock down on my Windows firewall rules. On endpoints that are running Sophos Endpoint Security & Control 9.5, I have the following rules (it is the same for both inbound & outbound):

NAME - SOPHOS - RouterNT
ACTION - Allow the connection
PROGRAM - %ProgramFiles% (x86)\Sophos\Remote Management System\RouterNT.exe
SERVICES - Apply to all programs and services
PROTOCOLS & PORTS - Protocol Type - Any
SCOPE - Local IP Address - Any IP Address Remote IP Address - Any IP Address
ADVANCED PROFILES - Domain

I want to harden the rules so what is recommended?
Is this rule only needed for outbound and not inbound rules (or vice versa)?
Should I specify Local IP Address as the endpoint and the Remote IP Address as the Sophos server?
Can I restrict the protocols to TCP on local & remote ports 8192-8194 (or other)?
Should I specify the Sophos server in Authorized Computers rather than in the Scope?

Many questions and I'm sure more will arise, so thanks in advance to any that reply.

This thread was automatically locked due to age.

Parents

0 Dave-Kilborn over 14 years ago

I am finding out slowly that my co-worker is shutting down the Windows firewall to just about anyone that can not update the anti-virus. I have explained to my boss that this is a bad idea and now I am asking you.
What ports/program do I need to allow through the Windows firewall for sophos to update via a local server?
Any and all assistance is appreciated.

Thank you
Dave-Kilborn
Pacific Crest Securities Administrator
:15799
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Dave-Kilborn over 14 years ago

I am finding out slowly that my co-worker is shutting down the Windows firewall to just about anyone that can not update the anti-virus. I have explained to my boss that this is a bad idea and now I am asking you.
What ports/program do I need to allow through the Windows firewall for sophos to update via a local server?
Any and all assistance is appreciated.

Thank you
Dave-Kilborn
Pacific Crest Securities Administrator
:15799
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data