
Firewall configuration

Hi,

I would like some assistance in creating a global rule that allows ftp, http and https.

I have configured a rule that allows HTTP and HTTPS, but for some reason I can't browse any websites using Internet Explorer; when I add iexplore.exe to the list of allowed applications, I am able to.

So my settings are as follows:

Protocol: stateful TCP

remote port: HTTPS

allow

same for HTTP and FTP

:56200


This thread was automatically locked due to age.
  • Hello zaqwsx1234.

    generally you should be careful with Global Rules and only use them together with the appropriate other settings. Do you intend to allow all connections to port 80 regardless of the application that requests the connection? Keep in mind that one of the major virtues of a client firewall is to allow connections only for specific applications (something a perimeter firewall can't do - that's why legitimate and rogue applications as well often use HTTP over port 80, because it's usually "open").

    add [it] the list of allowed applications

    Do you mean trusted under the Applications tab or some other setting? Is (the default) Use checksums to authenticate applications set under the General tab? But better than going through all the settings please open the firewall log (Blocked connections) and note the reason for blocking in the Reason column.

    Christian

    :56201
  • Well basically, we would like to set up a firewall policy to block all inbound traffic when on external networks and only allow ports 443, 80 and 53 (TCP and UDP).

    When on internal network, only allowed applications are required to run. We do need to be able to use web browsers.

    I checked the reason for IE being blocked and it says "Launched Hidden"; however, I have gotten Firefox to work by adding it to the list of allowed checksums. And yes, I meant trusted under the Applications tab.

    If I would like to set a rule to allow FTP and HTTPS, how would I go about this?

    :56202
  • Hello zaqwsx1234,

    since IE8 an individual iexplore.exe process is started for each window/tab. Thus you'd have to add iexplore.exe under the Processes tab. Guess your endpoints are Windows 7, otherwise you wouldn't get a Launched hidden.

    As long as you are using checksums a global Browse rule (note that you might need other ports in addition to 80 and 443 though) should not pose much of a risk.

    Christian

    :56211
  • I have made it a habit now to add to the checksum list rather than creating a global rule, although there are still global rules to allow 443 and 80 as well as FTP. But for some reason some users are still being blocked from Chrome even though it has been added to the checksum list several times. Do you have any idea why this might be?

    :56252
  • Hello zaqwsx1234,

    still being blocked from chrome

    again, assessing the Reason is the first step. How did you add the checksums, BTW? From the console's Event Viewer or by some other means?

    Christian

    :56253
  • Sorry, I forgot to mention: the reason is invalid checksum. I added it from the console through the firewall policy's checksum tab.

    :56254
  • Hello zaqwsx1234,

    added [...] through the firewall policy's checksum tab

    which opens the Event Viewer with Event type set to Modified application (thus an application for which no checksum has been set, a New application, won't be shown by default). Is the checksum reported in the Event Viewer one of those already on the list? Please make sure the endpoints are using the correct policy (if you have more than one). Might be a good idea to check the Firewall log (Events - New or modified application) and the Checksums in the policy on an affected endpoint.

    Christian

    :56255
  • I only have one policy set, as we are testing it out before rolling it to all endpoints. Yes, I have added the version of Chrome with the right checksum. All versions of Chrome that appeared in the Event Viewer have been added to the list. I had the same issue with my machine just now after updating Chrome: I added the new checksum to the list and pushed out the policy, and then tried to connect. I got blocked, but after rebooting my machine, it worked.

    I wonder why it doesn't take effect unless the machine is rebooted. Also shouldn't the HTTP allow global rule bypass this issue?

    :56256
  • Hello zaqwsx1234,

    dunno about Chrome but - if a process is blocked due to an invalid checksum it is not "unblocked" when the policy is updated. The process must be restarted, i.e. the current process (which has been blocked) remains blocked and can only be terminated.

    shouldn't the HTTP allow global rule bypass this issue?

    To quote from the Help: The firewall can use this checksum to decide whether an application is allowed or not. If an application fails verification it is not permitted to make any network connections, neither the LAN settings nor any of the Global and Application rules are considered.

    Christian

    :56258
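The ordering Christian quotes from the Help (checksum verification first, then LAN settings and Global/Application rules) and the point about an already-running process keeping its verdict can be modelled in a few lines. The following is an added illustration written for this page, not Sophos code and not taken from the thread; the SHA-256 algorithm, the `Policy`/`Process` shapes, the rule keys and the sample executable bytes are all assumptions chosen to make it run offline.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for two builds of the same browser executable.
# A real firewall would hash the file on disk; here the bytes are made up so
# the example runs offline. An update changes the file, hence its checksum.
CHROME_OLD = b"chrome.exe build 1 (constructed sample bytes)"
CHROME_NEW = b"chrome.exe build 2 (constructed sample bytes)"


def checksum(image: bytes) -> str:
    """SHA-256 of the executable image (the hash algorithm is an assumption)."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class Policy:
    """Hypothetical policy: a checksum allow list plus global rules."""
    allowed_checksums: set = field(default_factory=set)
    # Global rules keyed on (protocol, remote port) -> action; assumed shape.
    global_rules: dict = field(default_factory=dict)
    use_checksums: bool = True


def decide(policy: Policy, image: bytes, proto: str, remote_port: int):
    """Return (action, reason) for one outbound connection request.

    Order matters: a failed checksum check blocks the connection before any
    global rule is consulted, so an "allow port 80" rule cannot rescue an
    application whose checksum is not on the list."""
    if policy.use_checksums and checksum(image) not in policy.allowed_checksums:
        return ("block", "invalid checksum")
    action = policy.global_rules.get((proto, remote_port))
    if action is None:
        return ("block", "no matching rule")
    return (action, "global rule")


class Process:
    """A process is verified once, when it starts. Adding its checksum to the
    policy later does not change the verdict of the running instance; only a
    restarted process is re-evaluated (the behaviour the thread describes)."""

    def __init__(self, policy: Policy, image: bytes):
        self.image = image
        self.verified = (not policy.use_checksums
                         or checksum(image) in policy.allowed_checksums)

    def connect(self, policy: Policy, proto: str, remote_port: int):
        if not self.verified:
            return ("block", "invalid checksum")
        return decide(policy, self.image, proto, remote_port)


def build_policy() -> Policy:
    # Only the old build is allow-listed; HTTP, HTTPS and FTP control are open.
    return Policy(
        allowed_checksums={checksum(CHROME_OLD)},
        global_rules={("tcp", 80): "allow", ("tcp", 443): "allow",
                      ("tcp", 21): "allow"},
    )


def demo() -> dict:
    policy = build_policy()
    results = {
        "old_http": decide(policy, CHROME_OLD, "tcp", 80),
        "new_http": decide(policy, CHROME_NEW, "tcp", 80),
        # Port not covered by any global rule: blocked even for a verified app.
        "old_8080": decide(policy, CHROME_OLD, "tcp", 8080),
    }
    # Updated browser started before its checksum was added to the policy.
    running = Process(policy, CHROME_NEW)
    results["running_before_update"] = running.connect(policy, "tcp", 443)
    policy.allowed_checksums.add(checksum(CHROME_NEW))   # admin pushes new policy
    results["running_after_update"] = running.connect(policy, "tcp", 443)
    results["restarted"] = Process(policy, CHROME_NEW).connect(policy, "tcp", 443)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24} -> {verdict}")
```

The `running_after_update` case is the one the thread stumbled over: the policy now contains the correct checksum, yet the instance launched before the push stays blocked until it is restarted (or, in practice, the machine rebooted), while a freshly started instance is allowed.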
  • Aha, thanks for that. This therefore means the policy will have to be modified from time to time as new versions of applications are released?

    :56259