Sophos


Sophos Client Firewall: default configuration in version 1.5

The following are the 'factory default' rules and configuration settings for Sophos Client Firewall version 1.5. They take effect from the first reboot after installation and remain in force until another policy or configuration is applied.

If you want the default firewall settings for Endpoint Security and Control (Sophos Client Firewall version 2), see Best Practice: Firewall settings guide.

  1. General settings
  2. ICMP settings
  3. LAN settings
  4. Global rules
  5. Application rules
  6. Process-control settings
  7. Log settings
  8. Checksum settings

1. General settings

  • Disable Firewall = false
  • Firewall mode = non-interactive + report (except standalone installer, where mode is Learning)
  • Report Application Events = true
  • Report Errors = true
  • Hide Tray Icon = false
  • Stealth Mode = true
  • Checksum Applications = true
  • Block Modified Memory = true

2. ICMP settings

Each entry gives an ICMP message type and the direction(s) in which the default configuration allows it. Types not listed are not allowed by default.

  • ICMP = 0 IN (Echo Reply)
  • ICMP = 3 IN OUT (Destination Unreachable)
  • ICMP = 8 OUT (Echo Request)
  • ICMP = 10 IN OUT (Router Solicitation)
  • ICMP = 11 IN (Time Exceeded)

3. LAN settings

No LAN settings are preconfigured.

4. Global rules

Loopback TCP Connection

Rule

  • Name = Allow Loopback TCP Connection
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the remote address is 127.0.0.0 (255.0.0.0)
    Allow it

GRE Protocol

Rule

  • Name = Allow GRE Protocol
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is IP and the type is GRE
    Allow it

PPTP Control Connection

Rule

  • Name = Allow PPTP Control Connection
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 1723
      and the local port is 1024-65535
    Allow it

Loopback UDP Connection

Rule

  • Name = Allow Loopback UDP Connection
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is UDP
      and the remote address is 127.0.0.0 (255.0.0.0)
      and the local port is equal to remote port
    Allow it

Block RPC Call (TCP)

Rule

  • Name = Block RPC Call (TCP)
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the direction is Inbound
      and the local port is 135
    Block it

Block RPC Call (UDP)

Rule

  • Name = Block RPC Call (UDP)
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is UDP
      and the local port is 135
    Block it

Outgoing TCP

Rule

  • Name = Allow outgoing TCP
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
    Allow it

Outgoing UDP

Rule

  • Name = Allow outgoing UDP
  • Enabled = true
  • High Priority = false
  • Domain Rule = false
  • Ignore Checksum = false
  • Default Rule = true

    Where the protocol is UDP
      and the direction is Outbound
    Allow it
      and stateful inspection
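As an added example (not Sophos code and not part of this article), the following Python script encodes the ICMP settings from section 2 and the global rules from section 4 as a rule table and evaluates a set of constructed flows against it, so you can see what the factory defaults allow or block before any application rule or other policy is applied. Two things in it are assumptions rather than statements from this page: that global rules are evaluated top to bottom with the first match winning, and that traffic matching no rule is blocked (the default_action parameter lets you flip that). Application rules (section 5) are not modelled. The sample flows and the 192.0.2.10 remote address are constructed for the demonstration.

```python
"""Evaluate sample traffic against the Sophos Client Firewall 1.5 default
ICMP settings and global rules (sections 2 and 4 of the article).

Added example, not Sophos code. Assumptions (not stated on the page):
first-match-wins evaluation in the order the rules are listed, and a
block default for traffic that matches no rule.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple, Union

PortSpec = Union[None, int, Tuple[int, int]]


@dataclass(frozen=True)
class Flow:
    proto: str                     # "TCP", "UDP", "GRE" or "ICMP"
    direction: str                 # "IN" or "OUT"
    remote_ip: str = "192.0.2.10"  # RFC 5737 test address (constructed)
    local_port: int = 0
    remote_port: int = 0
    icmp_type: int = -1


def port_matches(port: int, spec: PortSpec) -> bool:
    """None = any port, int = exact port, (lo, hi) = inclusive range."""
    if spec is None:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return port == spec


def rule(name: str, action: str, proto: str, direction: Optional[str] = None,
         remote_net: Optional[str] = None, local_port: PortSpec = None,
         remote_port: PortSpec = None, ports_equal: bool = False):
    """Build one (name, action, predicate) entry from the page's rule fields."""
    net = ip_network(remote_net) if remote_net else None

    def matches(f: Flow) -> bool:
        return (f.proto == proto
                and (direction is None or f.direction == direction)
                and (net is None or ip_address(f.remote_ip) in net)
                and port_matches(f.local_port, local_port)
                and port_matches(f.remote_port, remote_port)
                and (not ports_equal or f.local_port == f.remote_port))
    return name, action, matches


# Section 4, in the order the article lists them; 127.0.0.0 (255.0.0.0) is 127.0.0.0/8.
GLOBAL_RULES = [
    rule("Allow Loopback TCP Connection", "ALLOW", "TCP", remote_net="127.0.0.0/8"),
    rule("Allow GRE Protocol", "ALLOW", "GRE"),
    rule("Allow PPTP Control Connection", "ALLOW", "TCP", direction="OUT",
         remote_port=1723, local_port=(1024, 65535)),
    rule("Allow Loopback UDP Connection", "ALLOW", "UDP", remote_net="127.0.0.0/8",
         ports_equal=True),
    rule("Block RPC Call (TCP)", "BLOCK", "TCP", direction="IN", local_port=135),
    rule("Block RPC Call (UDP)", "BLOCK", "UDP", local_port=135),
    rule("Allow outgoing TCP", "ALLOW", "TCP", direction="OUT"),
    rule("Allow outgoing UDP", "ALLOW", "UDP", direction="OUT"),
]

# Section 2: ICMP type -> directions the default settings permit.
ICMP_ALLOWED = {0: {"IN"}, 3: {"IN", "OUT"}, 8: {"OUT"}, 10: {"IN", "OUT"}, 11: {"IN"}}


def evaluate(flow: Flow, default_action: str = "BLOCK") -> Tuple[str, str]:
    """Return (action, reason) for a flow under the default configuration."""
    if flow.proto == "ICMP":
        if flow.direction in ICMP_ALLOWED.get(flow.icmp_type, set()):
            return "ALLOW", f"ICMP type {flow.icmp_type} {flow.direction}"
        return default_action, "default action (ICMP)"
    for name, action, matches in GLOBAL_RULES:
        if matches(flow):
            return action, name
    return default_action, "default action"


# Constructed flows; the remote peer is 192.0.2.10 unless a loopback peer is given.
SAMPLE_FLOWS = {
    "inbound RPC endpoint mapper":  Flow("TCP", "IN", local_port=135, remote_port=49152),
    "outbound to remote port 135":  Flow("TCP", "OUT", local_port=49153, remote_port=135),
    "loopback TCP to port 135":     Flow("TCP", "IN", "127.0.0.1", local_port=135, remote_port=49154),
    "inbound SMB":                  Flow("TCP", "IN", local_port=445, remote_port=49155),
    "outbound HTTPS, any process":  Flow("TCP", "OUT", local_port=49156, remote_port=443),
    "outbound PPTP control":        Flow("TCP", "OUT", local_port=49157, remote_port=1723),
    "inbound GRE":                  Flow("GRE", "IN"),
    "loopback UDP, equal ports":    Flow("UDP", "IN", "127.0.0.1", local_port=5000, remote_port=5000),
    "loopback UDP, unequal ports":  Flow("UDP", "IN", "127.0.0.1", local_port=5000, remote_port=49158),
    "inbound ping (echo request)":  Flow("ICMP", "IN", icmp_type=8),
    "outbound ping (echo request)": Flow("ICMP", "OUT", icmp_type=8),
    "inbound echo reply":           Flow("ICMP", "IN", icmp_type=0),
}


def audit(default_action: str = "BLOCK") -> dict:
    """Map each sample flow label to the action the defaults would take."""
    return {label: evaluate(f, default_action)[0] for label, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, flow in SAMPLE_FLOWS.items():
        action, reason = evaluate(flow)
        print(f"{label:30} {action:5}  ({reason})")
```

Three points worth noticing in the output. The two RPC block rules are keyed on local port 135, so an outbound connection to a remote endpoint mapper is still covered by Allow outgoing TCP; only inbound RPC is blocked. The loopback allow rules precede the RPC block rules, so under the first-match assumption a local process can still reach port 135 over 127.0.0.0/8, and a loopback UDP flow whose local and remote ports differ falls through to the default action. Finally, apart from loopback, GRE and the listed ICMP types there is no global inbound allow, so inbound SMB or any other listening service is left to the default action and to whatever application rules or policy are applied later.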

5. Application rules

alg.exe (Windows Firewall component)

Name = alg.exe
Description =
Type = custom

Rules

  • Allow ALG Redirect
    Name = Allow ALG Redirect
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Inbound
    Allow it
      and stateful inspection

  • Microsoft Application Layer Gateway Service connection
    Name = Microsoft Application Layer Gateway Service connection
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 21
    Allow it
      and stateful inspection

lsass.exe (Local Security Authority Subsystem Service)

Name = lsass.exe
Description =
Type = custom

Rules

  • Local Security Authority Service Kerberos UDP connection
    Name = Local Security Authority Service Kerberos UDP connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 88
    Allow it
      and stateful inspection

  • Local Security Authority Service Kerberos TCP connection
    Name = Local Security Authority Service Kerberos TCP connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 88
    Allow it

  • LSASS LDAP connection to Global Catalog Server
    Name = LSASS LDAP connection to Global Catalog Server
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 3268-3269
    Allow it
      and stateful inspection

  • Local Security Authority Service LDAP UDP connection
    Name = Local Security Authority Service LDAP UDP connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 389
    Allow it
      and stateful inspection

  • Local Security Authority Service LDAP TCP connection
    Name = Local Security Authority Service LDAP TCP connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 389
    Allow it
      and stateful inspection

  • Local Security Authority Service DCOM dynamic port allocation
    Name = Local Security Authority Service DCOM dynamic port allocation
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 1025-1040
    Allow it

  • Local Security Authority Service DCOM connection
    Name = Local Security Authority Service DCOM connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 135
    Allow it

services.exe (Windows Service Controller)

Name = services.exe
Description =
Type = custom

Rules

  • Services DCOM connection
    Name = Services DCOM connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 135
    Allow it

  • Services DCOM dynamic port allocation
    Name = Services DCOM dynamic port allocation
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 1090-1110
    Allow it

  • Services LDAP connection
    Name = Services LDAP connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 389, 3268
    Allow it

  • Allow DNS Resolving (TCP)
    Name = Allow DNS Resolving (TCP)
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 53
    Allow it

  • Allow DNS Resolving (UDP)
    Name = Allow DNS Resolving (UDP)
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the direction is Outbound
      and the remote port is 53
    Allow it
      and stateful inspection

  • Allow DHCP
    Name = Allow DHCP
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 67
      and the local port is 68
    Allow it

  • Allow DHCP (v6)
    Name = Allow DHCP (v6)
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 547
      and the local port is 546
    Allow it

svchost.exe (Service Host)

Name = svchost.exe
Description =
Type = custom

Rules

  • Allow DNS Resolving (TCP)
    Name = Allow DNS Resolving (TCP)
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 53
    Allow it

  • Allow DNS Resolving (UDP)
    Name = Allow DNS Resolving (UDP)
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the direction is Outbound
      and the remote port is 53
    Allow it
      and stateful inspection

  • Allow DHCP
    Name = Allow DHCP
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 67
      and the local port is 68
    Allow it

  • Allow DHCP (v6)
    Name = Allow DHCP (v6)
    Enabled = true
    High Priority = false
    Domain Rule = false
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is UDP
      and the remote port is 547
      and the local port is 546
    Allow it

userinit.exe (User Initialization)

Name = userinit.exe
Description =
Type = custom

Rules

  • Microsoft Userinit LDAP connection
    Name = Microsoft Userinit LDAP connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 389, 3268
    Allow it

  • Microsoft Userinit DCOM Connection
    Name = Microsoft Userinit DCOM Connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 135
    Allow it

winlogon.exe (Windows Logon)

Name = winlogon.exe
Description =
Type = custom

Rules

  • Microsoft Winlogon LDAP connection
    Name = Microsoft Winlogon LDAP connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 389, 3268
    Allow it

  • Microsoft Winlogon DCOM connection
    Name = Microsoft Winlogon DCOM connection
    Enabled = true
    High Priority = false
    Domain Rule = true
    Ignore Checksum = false
    Default Rule = true

    Where the protocol is TCP
      and the direction is Outbound
      and the remote port is 135
    Allow it

6. Process-control settings

Hidden processes

  • Warn = true

Raw sockets

  • Warn = true

7. Log settings

  • Keep All Records = false
  • Expired Days = -1
  • Max Records = -1
  • Max Database Size = 50

8. Checksum settings

No checksums are preconfigured.

If you need more information or guidance, please contact technical support.
