Configuring network rules for Firewall

Firewall filters all network activity on a Windows device in accordance with the network rules. Network rules contain conditions that Firewall applies to monitor network connections on the device (for example, connection direction or protocol). Each network rule also specifies the action to be performed by Firewall on a connection that meets the rule conditions (whether the connection should be allowed or not).

To configure network rules for Firewall:

1. Open Kaspersky Endpoint Security Cloud Management Console.
2. Select the Security management → Security profiles section.

   The Security profiles section contains a list of security profiles configured in Kaspersky Endpoint Security Cloud.

3. In the list, select the security profile for the devices on which you want to configure Firewall.
4. Click the link with the profile name to open the security profile properties window.

   The security profile properties window displays settings available for all devices.

5. In the Windows group, select the Security settings section.
6. Switch the toggle button to Firewall is enabled.
7. Click the Settings link below the Firewall is enabled toggle button.

   The Firewall settings page opens.

8. Click the Settings link under Rules for processing network packets and data streams.

   The Rules for processing network packets and data streams page opens.

9. To add a new network rule, click Add.

   The New record page opens.

10. In the Action drop-down list, define whether Kaspersky Endpoint Security Cloud must allow or block any network activity by applications that meet the conditions set by the rule.
11. In the Name field, enter a name for the network rule.
12. In the Direction drop-down list, select the data stream to which the network rule must be applied.
13. In the Protocol section, perform one of the following actions:
    • If you need the rule to be applied to network packets and data streams transmitted over any protocols, select Any.
    • If you need the rule to be applied to specific protocols, select Select protocol and define the following settings:
      1. In the Select protocol drop-down list, select the relevant value.
      2. Click the Settings link under Select protocol.
      3. Depending on the value selected in the Select protocol drop-down list, either specify the local and remote port or select the relevant values for the ICMP type and ICMP code.
14. In the Remote network addresses drop-down list, select the group of addresses for which Firewall will monitor network activity.
15. If you selected Addresses from the list during the previous step, click the Settings link under the Remote network addresses drop-down list.

    The New record page opens.

16. Generate a list of addresses of the devices whose network activity the Firewall should monitor:
    • If you want to add a new address, click the Add button, and then specify the address in the entry field in the IP address or DNS name of the computer window that opens. Click OK.
    • If you want to change a previously added address, select the check box to the left of it and click the Modify button. Make the required changes and click the OK button.
    • If you want to delete a previously added address, select the check box to the left of it and click the Delete button.
17. Click the OK button.

The rule that you added will be displayed in the list of rules for network packets and data streams.

After the security profile is applied, Firewall will be enabled on Windows devices. The network activity of applications on those devices will be monitored in accordance with the configured network rules.