Client firewall default configuration

  • Article ID: 16608
  • Updated: 29 Jan 2012

The following are the 'factory default' rules and configuration settings for the small business solutions version of the Sophos Client Firewall. They are used from the initial reboot, until some other policy or configuration is applied.

  1. General settings
  2. ICMP settings
  3. LAN settings
  4. Global rules
  5. Application rules
  6. Process-control settings
  7. Log settings
  8. Checksum settings

1. General settings

  • Disable Firewall = false
  • Firewall mode = non-interactive + report (except for the standalone installer, where the mode is Learning)
  • Report Application Events = true
  • Report Errors = true
  • Hide Tray Icon = false
  • Stealth Mode = true
  • Checksum Applications = true
  • Block Modified Memory = true

2. ICMP settings

  • ICMP = 0 IN
  • ICMP = 3 IN OUT
  • ICMP = 8 OUT
  • ICMP = 10 IN OUT
  • ICMP = 11 IN

3. LAN settings

[Network address of your local LAN, e.g. 172.16.0.0] (255.255.0.0) NetBIOS.

4. Global rules

ICMP From The Management Console

Rule

  • Name = Allow ICMP From The Management Console
  • Enabled = True
  • High Priority = true
  • Ignore Checksum = false
  • Default Rule = True

    Where the protocol is IP and the type is ICMP
      and the direction is Inbound and Outbound
      and the remote address is [IP address of the Management Console server, e.g. 172.16.101.74]
    Allow it

DCOM Communication From The Management Console (UDP)

Rule

  • Name = Allow DCOM Communication From The Management Console (UDP)
  • Enabled = true
  • High Priority = true
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is UDP
      and the direction is Inbound
      and the remote address is [IP address of the Management Console server, e.g. 172.16.101.74]
      and the local port is 135
    Allow it

DCOM Communication From The Management Console (TCP)

Rule

  • Name = Allow DCOM Communication From The Management Console (TCP)
  • Enabled = true
  • High Priority = true
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the direction is Inbound
      and the remote address is [IP address of the Management Console server, e.g. 172.16.101.74]
      and the local port is DCOM
    Allow it

Loopback TCP Connection

Rule

  • Name = Allow Loopback TCP Connection
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the remote address is 127.0.0.0 (255.0.0.0)
    Allow it

GRE Protocol

Rule

  • Name = Allow GRE Protocol
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is IP and the type is GRE
    Allow it

PPTP Control Connection

Rule

  • Name = Allow PPTP Control Connection
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is PPTP
      and the local port is 1024-65535
    Allow it

Loopback UDP Connection

Rule

  • Name = Allow Loopback UDP Connection
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is UDP
      and the remote address is 127.0.0.0 (255.0.0.0)
      and the local port is equal to remote port
    Allow it

Block RPC Call (TCP)

Rule

  • Name = Block RPC Call (TCP)
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the direction is Inbound
      and the local port is DCOM
    Block it

Block RPC Call (UDP)

Rule

  • Name = Block RPC Call (UDP)
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is UDP
      and the local port is 135
    Block it

Outgoing TCP

Rule

  • Name = Allow outgoing TCP
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
    Allow it

Outgoing UDP

Rule

  • Name = Allow outgoing UDP
  • Enabled = true
  • High Priority = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is UDP
      and the direction is Outbound
    Allow it
      and stateful inspection

5. Application rules

alg.exe (Windows Firewall component)

Name = alg.exe
Description =
Type = custom

Rules

  • Allow ALG Redirect
    Name = Allow ALG Redirect
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Inbound
    Allow it
      and stateful inspection

  • Microsoft Application Layer Gateway Service connection
    Name = Microsoft Application Layer Gateway Service connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is FTP
    Allow it
      and stateful inspection

lsass.exe (Local Security Authority Subsystem Service)

Name = lsass.exe
Description =
Type = custom

Rules

  • Local Security Authority Service Kerberos UDP connection
    Name = Local Security Authority Service Kerberos UDP connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 88
    Allow it
      and stateful inspection

  • Local Security Authority Service Kerberos TCP connection
    Name = Local Security Authority Service Kerberos TCP connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 88
    Allow it

  • LSASS LDAP connection to Global Catalog Server
    Name = LSASS LDAP connection to Global Catalog Server
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 3268-3269
    Allow it
      and stateful inspection

  • Local Security Authority Service LDAP UDP connection
    Name = Local Security Authority Service LDAP UDP connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 389
    Allow it
      and stateful inspection

  • Local Security Authority Service LDAP TCP connection
    Name = Local Security Authority Service LDAP TCP connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is LDAP
    Allow it
      and stateful inspection

  • Local Security Authority Service DCOM dynamic port allocation
    Name = Local Security Authority Service DCOM dynamic port allocation
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 1025-1040
    Allow it

  • Local Security Authority Service DCOM connection
    Name = Local Security Authority Service DCOM connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is DCOM
    Allow it

  • Allow DNS Resolving (TCP)
    Name = Allow DNS Resolving (TCP)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is DOMAIN
    Allow it

  • Allow DNS Resolving (UDP)
    Name = Allow DNS Resolving (UDP)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the direction is Outbound
      and the remote port is DNS
    Allow it
      and stateful inspection

services.exe (Windows Service Controller)

Name = services.exe
Description =
Type = custom

Rules

  • Services DCOM connection
    Name = Services DCOM connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is DCOM
    Allow it

  • Services DCOM dynamic port allocation
    Name = Services DCOM dynamic port allocation
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 1090-1110
    Allow it

  • Services LDAP connection
    Name = Services LDAP connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is LDAP, 3268
    Allow it

  • Allow DNS Resolving (TCP)
    Name = Allow DNS Resolving (TCP)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is DOMAIN
    Allow it

  • Allow DNS Resolving (UDP)
    Name = Allow DNS Resolving (UDP)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the direction is Outbound
      and the remote port is DNS
    Allow it
      and stateful inspection

  • Allow DHCP
    Name = Allow DHCP
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is BOOTPS
      and the local port is BOOTPC
    Allow it

  • Allow DHCP (v6)
    Name = Allow DHCP (v6)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is DHCP_Server
      and the local port is DHCP_Client
    Allow it

svchost.exe (Service Host)

Name = svchost.exe
Description =
Type = custom

Rules

  • Allow DNS Resolving (TCP)
    Name = Allow DNS Resolving (TCP)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is DOMAIN
    Allow it

  • Allow DNS Resolving (UDP)
    Name = Allow DNS Resolving (UDP)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the direction is Outbound
      and the remote port is DNS
    Allow it
      and stateful inspection

  • Allow DHCP
    Name = Allow DHCP
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is BOOTPS
      and the local port is BOOTPC
    Allow it

  • Allow DHCP (v6)
    Name = Allow DHCP (v6)
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is DHCP_Server
      and the local port is DHCP_Client
    Allow it

userinit.exe (User Initialization)

Name = userinit.exe
Description =
Type = custom

Rules

  • Microsoft Userinit LDAP connection
    Name = Microsoft Userinit LDAP connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is LDAP, 3268
    Allow it

  • Microsoft Userinit DCOM Connection
    Name = Microsoft Userinit DCOM Connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is DCOM
    Allow it

winlogon.exe (Windows Logon)

Name = winlogon.exe
Description =
Type = custom

Rules

  • Microsoft Winlogon LDAP connection
    Name = Microsoft Winlogon LDAP connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is LDAP, 3268
    Allow it

  • Microsoft Winlogon DCOM connection
    Name = Microsoft Winlogon DCOM connection
    Enabled = true
    High Priority = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is DCOM
    Allow it
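
The rules in sections 4 and 5 are easier to reason about when you can see which one wins for a given packet. The Python model below is an added example written for this article, not Sophos code. It encodes a subset of the global and application rules listed above and runs a few constructed packets through them. It assumes: the evaluation order generally described for the Sophos Client Firewall (high-priority global rules first, then the rules of the application that owns the socket, then the remaining global rules); that traffic matching no rule is blocked in non-interactive mode; the named ports DCOM = 135, LDAP = 389 and BOOTPS/BOOTPC = 67/68; and the console address 172.16.101.74, which is the article's own placeholder. The LAN/NetBIOS trust from section 3, checksums and stateful inspection are not modelled.

```python
"""Added example (not Sophos code): a small model of how the default global and
application rules combine.  Assumed evaluation order: high-priority global
rules, then the owning application's rules, then the remaining global rules;
anything unmatched is blocked (non-interactive mode)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

CONSOLE_IP = "172.16.101.74"   # placeholder from the article, not a real console
DCOM = 135                     # "DCOM" in the rules is the RPC endpoint mapper port
LDAP, BOOTPS, BOOTPC = 389, 67, 68


@dataclass
class Packet:
    proto: str                      # "TCP", "UDP", "ICMP", "GRE"
    direction: str                  # "Inbound" or "Outbound"
    remote: str                     # remote IPv4 address
    local_port: Optional[int] = None
    remote_port: Optional[int] = None
    process: Optional[str] = None   # owning process, e.g. "lsass.exe"


@dataclass
class Rule:
    name: str
    action: str                     # "Allow" or "Block"
    proto: Optional[str] = None
    direction: Optional[str] = None
    remote_net: Optional[str] = None
    local_ports: Optional[range] = None
    remote_ports: Optional[range] = None
    high_priority: bool = False

    def matches(self, p: Packet) -> bool:
        """Every condition that is set must hold; unset conditions match anything."""
        if self.proto and p.proto != self.proto:
            return False
        if self.direction and p.direction != self.direction:
            return False
        if self.remote_net and ip_address(p.remote) not in ip_network(self.remote_net):
            return False
        if self.local_ports and p.local_port not in self.local_ports:
            return False
        if self.remote_ports and p.remote_port not in self.remote_ports:
            return False
        return True


# Subset of section 4, in the article's listing order.
GLOBAL_RULES = [
    Rule("Allow ICMP From The Management Console", "Allow", proto="ICMP",
         remote_net=CONSOLE_IP + "/32", high_priority=True),
    Rule("Allow DCOM Communication From The Management Console (UDP)", "Allow",
         proto="UDP", direction="Inbound", remote_net=CONSOLE_IP + "/32",
         local_ports=range(135, 136), high_priority=True),
    Rule("Allow DCOM Communication From The Management Console (TCP)", "Allow",
         proto="TCP", direction="Inbound", remote_net=CONSOLE_IP + "/32",
         local_ports=range(DCOM, DCOM + 1), high_priority=True),
    Rule("Allow Loopback TCP Connection", "Allow", proto="TCP", remote_net="127.0.0.0/8"),
    Rule("Allow GRE Protocol", "Allow", proto="GRE"),
    Rule("Block RPC Call (TCP)", "Block", proto="TCP", direction="Inbound",
         local_ports=range(DCOM, DCOM + 1)),
    Rule("Block RPC Call (UDP)", "Block", proto="UDP", local_ports=range(135, 136)),
    Rule("Allow outgoing TCP", "Allow", proto="TCP", direction="Outbound"),
    Rule("Allow outgoing UDP", "Allow", proto="UDP", direction="Outbound"),
]

# Subset of section 5, keyed by process name.
APP_RULES = {
    "lsass.exe": [
        Rule("Local Security Authority Service Kerberos UDP connection", "Allow",
             proto="UDP", remote_ports=range(88, 89)),
        Rule("Local Security Authority Service LDAP TCP connection", "Allow",
             proto="TCP", direction="Outbound", remote_ports=range(LDAP, LDAP + 1)),
    ],
    "svchost.exe": [
        Rule("Allow DHCP", "Allow", proto="UDP",
             remote_ports=range(BOOTPS, BOOTPS + 1), local_ports=range(BOOTPC, BOOTPC + 1)),
    ],
}


def evaluate(p: Packet):
    """Return (action, rule name) for the first rule matching p in the assumed order."""
    high = [r for r in GLOBAL_RULES if r.high_priority]
    low = [r for r in GLOBAL_RULES if not r.high_priority]
    for r in high + APP_RULES.get(p.process, []) + low:
        if r.matches(p):
            return r.action, r.name
    return "Block", "(no matching rule)"


if __name__ == "__main__":
    # Constructed packets: console DCOM, DCOM from another host, Kerberos from
    # lsass.exe and from an unknown process, an inbound SMB probe, DHCP.
    for pkt in [
        Packet("TCP", "Inbound", CONSOLE_IP, local_port=DCOM, remote_port=49152),
        Packet("TCP", "Inbound", "172.16.5.9", local_port=DCOM, remote_port=49152),
        Packet("UDP", "Outbound", "172.16.0.10", local_port=50000, remote_port=88, process="lsass.exe"),
        Packet("UDP", "Outbound", "172.16.0.10", local_port=50000, remote_port=88, process="other.exe"),
        Packet("TCP", "Inbound", "172.16.5.9", local_port=445, remote_port=40000),
        Packet("UDP", "Inbound", "172.16.0.1", local_port=BOOTPC, remote_port=BOOTPS, process="svchost.exe"),
    ]:
        print(pkt, "->", evaluate(pkt))
```

Running it shows why the two console DCOM rules carry High Priority = true: the same inbound TCP 135 packet is allowed from the console address and hits "Block RPC Call (TCP)" from any other host, and a process-specific rule such as the lsass.exe Kerberos rule is chosen before the catch-all "Allow outgoing UDP". Changing the console address or clearing the high-priority flag in the model and re-running is a quick way to see which rule takes over.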

6. Process-control settings

Hidden processes

  • Warn = true

Raw sockets

  • Warn = true

7. Log settings

  • Keep All Records = false
  • Expired Days = -1
  • Max Records = -1
  • Max Database Size = 50

8. Checksum settings

No checksums are preconfigured.

For more information or assistance, please contact technical support.