Feature overview: Firewall

An overview of the firewall functionality in Defense.com Endpoint Protection.

Written by Daniel Sampson
Updated over a year ago

The firewall in Defense.com Endpoint Protection controls application access to the network and to the Internet. Access is automatically allowed for a comprehensive database of known, legitimate applications. Furthermore, the firewall protects the system against port scans (which allow hackers to see which services are running on your computer).

The firewall is pre-configured in your endpoint package using default settings that are recommended by the Defense.com team. The following information describes the specific functionality available and any custom options that can be configured with the help of your Defense.com representative.


General settings

The following settings are available to be configured as part of your endpoint package(s):

  • Firewall on/off

  • Allow Internet Connection Sharing (ICS)

  • Monitor Wi-Fi connections

  • Block port scans

The firewall automatically applies a profile based on the trust level. You can have different trust levels for network connections, depending on the network architecture or on the type of the adapter used to establish the network connection.

For example, if you have sub-networks within your company's network, you can assign a trust level to each sub-network. The following settings can be configured by your Defense.com representative where required:


Network settings

If you want the firewall to apply different profiles to several network segments within your company, the following information will be required:

  • Name

    A unique name for your network.

  • Type

    The Defense.com agent automatically applies one of the four network profiles to each detected network connection on the endpoint, to define the basic traffic filtering options:

    • Trusted network. Disables the firewall for the respective adapters. The traffic is allowed and not filtered.

    • Home/Office network. Allows all traffic to and from computers in the local network while the other traffic is being filtered.

    • Public network. All traffic is filtered.

    • Untrusted network. Completely blocks network and Internet traffic through the respective adapters.

  • Identification

    Networks can be identified by three methods (DNS, Gateway and Network):

    • DNS: identifies all endpoints using the specified DNS.

    • Gateway: identifies all endpoints communicating through the specified gateway.

    • Network: identifies all endpoints from the specified network segment, defined by its network address.

  • MAC

    Specify the MAC address of a DNS server or of a gateway that delimits the network, depending on the selected identification method.

    The MAC address must be in the hexadecimal format, separated by hyphens (-) or colons (:). For example, both 00-50-56-84-32-2b and 00:50:56:84:32:2b are valid addresses.

  • IP

    Define specific IP addresses in a network. The IP format depends on the identification method as follows:

    • Network. Enter the network number in the CIDR format. For example, 192.168.1.0/24, where 192.168.1.0 is the network address and /24 is the network mask.

    • Gateway. Enter the IP address of the gateway.

    • DNS. Enter the IP address of the DNS server.
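
A pre-submission check for the network definitions described above, as an added example (not Defense.com code or part of the original article). The dictionary keys, function names and sample entries are hypothetical; it assumes a Network entry must give the network address itself and that a MAC is checked only when supplied.

```python
import ipaddress
import re

# Six hex octets, all separated by the same character: hyphen or colon.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")
PROFILES = {"Trusted", "Home/Office", "Public", "Untrusted"}
METHODS = {"DNS", "Gateway", "Network"}

def check_definition(d):
    """Return a list of problems found in one network definition (empty = OK)."""
    problems = []
    if not (d.get("name") or "").strip():
        problems.append("name: missing")
    if d.get("type") not in PROFILES:
        problems.append("type: not one of the four profiles")
    method = d.get("identification")
    if method not in METHODS:
        return problems + ["identification: must be DNS, Gateway or Network"]
    ip = d.get("ip") or ""
    try:
        if method == "Network":
            if "/" not in ip:
                raise ValueError("no mask given")
            # Assumption: host bits must be zero (the network address is expected).
            ipaddress.ip_network(ip, strict=True)
        else:
            ipaddress.ip_address(ip)  # Gateway and DNS take a single address
    except ValueError:
        problems.append(f"ip: not valid for identification method {method}")
    mac = d.get("mac")
    # Assumption: MAC is validated only when supplied.
    if mac is not None and not MAC_RE.match(mac):
        problems.append("mac: expected hex octets separated by '-' or ':'")
    return problems

def check_all(definitions):
    """Check every definition in order and flag names that are not unique."""
    report, seen = [], set()
    for d in definitions:
        name = (d.get("name") or "").strip()
        problems = check_definition(d)
        if name and name in seen:
            problems.append("name: duplicate")
        seen.add(name)
        report.append((name, problems))
    return report

# Constructed sample input, not taken from a real deployment.
SAMPLE = [
    {"name": "HQ LAN", "type": "Home/Office", "identification": "Network", "ip": "192.168.1.0/24"},
    {"name": "Branch", "type": "Public", "identification": "Gateway", "ip": "10.0.0.1", "mac": "00-50-56-84-32-2b"},
    {"name": "Lab", "type": "Trusted", "identification": "Network", "ip": "192.168.1.7/24"},
    {"name": "Guest", "type": "Public", "identification": "DNS", "ip": "10.0.0.53", "mac": "00:50-56:84:32:2b"},
]
```

Running check_all(SAMPLE) passes the first two entries and reports the host address given in place of a network address ("Lab") and the MAC with mixed separators ("Guest").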


Adapter settings

If a network is detected that is not already defined in the Network settings, the Defense.com agent detects the network adapter type and applies a corresponding profile to the connection.

The following options can also be configured by your Defense.com representative if required:

  • Type

    Displays the type of the network adapters. Three predefined adapter types can be detected: Wired, Wireless and Virtual (Virtual Private Network).

  • Network type

    Describes the network profile assigned to a specific adapter type. Different settings can be applied if required:

    The 'Let Windows decide' setting can be applied for any new network connection detected after the policy is applied. This applies a profile for the firewall based on the network classification in Windows, ignoring any default settings.

    If the detection based on Windows Network Manager fails, a basic detection is attempted. A generic profile is used, where the network profile is considered Public and the stealth settings are set to On.

    When an endpoint that is joined to Active Directory connects to the domain, the firewall profile is automatically set to Home/Office and the stealth settings are set to Remote. If the computer is not in a domain, this condition is not applicable.

  • Network discovery

    Hides the computer from malicious software and hackers in the network or the Internet. Computer visibility in the network can be configured as needed, for each adapter type, with one of the following options:

    • Yes. Anyone from the local network or the Internet can ping and detect the computer.

    • No. The computer is invisible from both the local network and the Internet.

    • Remote. The computer cannot be detected from the Internet. Anyone from the local network can ping and detect the computer.


For more information about how your firewall options can be configured, please contact your Defense.com representative.
