Sophos small business solutions: client firewall advanced custom configuration
This article describes how to use the advanced configuration options for the version of Sophos Client Firewall supplied with Sophos small business solutions. These options are available via non-interactive mode.
Other articles describe the following, less complex, modes:
- outbound only mode (the default mode)
- named programs mode
- interactive custom configuration.
Note: It is often better to establish your configuration on a test workstation and then import it into Sophos Control Center, rather than to edit directly at the control center.
What to do
1. Accessing non-interactive mode
You can access non-interactive mode either from the Sophos Control Center, or at an individual workstation.
Sophos Control Center:
- Open Sophos Control Center.
- In the menu bar, select Action|Advanced firewall configuration.
- In the 'Working mode' section of the General tab, select 'Non-interactive. The firewall deals with traffic automatically using your rules'.
- Click 'OK'.
- Click 'Yes' to the custom settings warning.
This saves your new custom configuration. You can edit it further by accessing 'Advanced firewall configuration' again.
At an individual workstation:
- Right-click the firewall (brick wall) icon in the System tray.
- Select 'Configure'.
- In the 'Working mode' section of the General tab, select 'Non-interactive. The firewall deals with traffic automatically using your rules'.
- Click 'OK'.
This saves your new custom configuration. You can edit it further by selecting 'Configure' from the System tray icon again.
2. Editing your client firewall configuration in non-interactive mode
While you are editing your configuration, make frequent backups by exporting it. You can then re-import it if you make a mistake.
Sophos Control Center:
- Open Sophos Control Center.
- In the menu bar, select Action|Advanced firewall configuration.
- All non-interactive configuration is carried out from this panel. Select the tab that you want to edit.
- When you have finished, click 'OK'.
- Click 'Yes' to the custom settings warning.
Your new configuration has been saved.
At an individual workstation:
- Right-click the firewall (brick wall) icon in the System tray.
- Select 'Configure'.
- All non-interactive configuration is carried out from this panel. Select the tab that you want to edit.
- When you have finished, click 'OK'.
Your new configuration has been saved.
Updating an application
An application's checksum changes whenever its executable changes: when you update the application, or when an operating system hotfix or service pack replaces the file. The firewall rule for that application then no longer matches the updated program, so you will need to update the checksums in Sophos Client Firewall.
When upgrading an application, do as follows:
- Install the upgrade on a test computer.
- Add the new checksum to the application's firewall configuration, keeping the old checksum as well:
- Click the Checksums tab.
- Click 'Add'.
- Browse to the upgraded application executable and select it.
- Click 'OK'.
- Test the configuration.
- Export the configuration from the test computer.
- Merge the new configuration with your existing configuration(s) in Sophos Control Center. For more on this process, see 'Importing and exporting existing configurations' in the Sophos Client Firewall help file or user manual.
This order lets you roll out the new firewall configuration before you start the application upgrade. With both the old and new checksums in place, the rule matches whichever build a computer is running, so the application and the firewall continue to work throughout the upgrade. Once every computer has been upgraded, remove the old checksum so that an outdated or tampered copy of the old build no longer matches the rule.
Notes on editing rules
Warning: There are security implications to editing Sophos Client Firewall rules.
- The rules editor is identical to the one used in the Sophos Endpoint Security version.
- See the Sophos Endpoint Security client firewall security implications knowledgebase articles for details.
Custom global rules
To create a custom global rule
- select the Global Rules tab
- and click 'Add'.
See the 'Set global rules' section of the Sophos Client Firewall help file or user manual for details.
Application rules
You can either create your application rules manually, or configure a template computer in interactive mode and then import and edit the rules established by that process. See the 'Importing and exporting existing configurations' section of the Sophos Client Firewall help file or user manual for details. Once you have imported a rule for an application, you can select it when you click 'Add' in the Applications tab in the Firewall Policy dialog.
- Preset configurations
When creating rules for applications, you can use ready-made rule 'presets' for several different types of application, e.g. browsers and email clients. This is a quick way to create a rule.
To add rules from a preset:
- click the dropdown list by the 'Custom' button
- select 'Add rules from preset'
- select your preset.
For more information, see the 'Importing and exporting existing configurations' section of the Sophos Client Firewall help file or user manual.
- Creating rules manually
To create rules manually:
- click the 'Custom' button
- in 'Application rules', click 'Add'
- name and edit your new rule.
- Checksums
You can change the checksums for an application in the Checksums tab. Once a checksum is configured, a process must have both the expected process name and a matching checksum for the rule to apply to it: a different executable given the same file name, or a modified copy of the original, does not match. Without a checksum the rule matches on the process name alone, which any program can satisfy simply by being renamed.
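The following is an added example, not code from the article or from Sophos, modelling the name-plus-checksum matching described here and the old-plus-new checksum rollout described under 'Updating an application'. The executable contents, the process name mailclient.exe and the use of SHA-256 are all assumptions for illustration; the article does not state which checksum algorithm Sophos Client Firewall uses.

```python
import hashlib

# Constructed stand-ins for executables. In practice these are the bytes of the
# .exe on disk; the checksum algorithm Sophos Client Firewall uses is not stated
# in the article, so SHA-256 is assumed here purely for illustration.
MAIL_CLIENT_V1 = b"MZ\x90\x00" + b"mailclient build 1.0 " * 8
MAIL_CLIENT_V2 = b"MZ\x90\x00" + b"mailclient build 1.1 " * 8   # same product after a hotfix
IMPOSTOR = b"MZ\x90\x00" + b"unrelated program " * 8             # a different binary renamed to mailclient.exe


def checksum(exe_bytes: bytes) -> str:
    """Checksum of an executable image (SHA-256 assumed, see above)."""
    return hashlib.sha256(exe_bytes).hexdigest()


def add_rule(rules: dict, process_name: str) -> None:
    """Create an application rule that, until a checksum is added, matches on name alone."""
    rules.setdefault(process_name.lower(), set())


def add_checksum(rules: dict, process_name: str, exe_bytes: bytes) -> None:
    """Equivalent of Checksums tab > Add > browse to the executable > OK."""
    add_rule(rules, process_name)
    rules[process_name.lower()].add(checksum(exe_bytes))


def remove_checksum(rules: dict, process_name: str, exe_bytes: bytes) -> None:
    """Retire a checksum once no computer still runs that build."""
    rules.get(process_name.lower(), set()).discard(checksum(exe_bytes))


def matches(rules: dict, process_name: str, exe_bytes: bytes) -> bool:
    """Does the application rule apply to this process?

    No rule for the name: no. A rule with no checksums: yes, on the name alone.
    A rule with checksums: only if the image checksum is one of them, so a
    renamed or modified executable fails even with the right name.
    """
    accepted = rules.get(process_name.lower())
    if accepted is None:
        return False
    if not accepted:
        return True
    return checksum(exe_bytes) in accepted


def rollout() -> dict:
    """Walk through the upgrade sequence the article recommends and record
    which binaries the rule matches at each stage as (v1, v2, impostor)."""
    rules = {}
    add_checksum(rules, "mailclient.exe", MAIL_CLIENT_V1)

    def verdicts(ruleset):
        return tuple(matches(ruleset, "mailclient.exe", exe)
                     for exe in (MAIL_CLIENT_V1, MAIL_CLIENT_V2, IMPOSTOR))

    stages = {}
    # Before: only the old build is known. If the hotfix were rolled out now the
    # upgraded client would stop matching, and so does a renamed impostor.
    stages["before"] = verdicts(rules)
    # During: add the new checksum on the test computer, keep the old one, and
    # push this configuration out BEFORE the application upgrade starts.
    add_checksum(rules, "mailclient.exe", MAIL_CLIENT_V2)
    stages["during"] = verdicts(rules)
    # After: every computer is upgraded, so retire the old checksum.
    remove_checksum(rules, "mailclient.exe", MAIL_CLIENT_V1)
    stages["after"] = verdicts(rules)

    # For contrast, a rule with no checksum at all accepts anything named
    # mailclient.exe, including the impostor.
    name_only = {}
    add_rule(name_only, "mailclient.exe")
    stages["name_only"] = verdicts(name_only)
    return stages


if __name__ == "__main__":
    for stage, (v1, v2, impostor) in rollout().items():
        print(f"{stage:9s} v1={v1} v2={v2} impostor={impostor}")
```

The 'during' stage is the state you want in Sophos Control Center while the upgrade is in progress: both builds match, the impostor still does not. The 'name_only' row is the reason to configure checksums in the first place.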
Settings
The following settings are available for both global and application rules:
- Outgoing or incoming
It is important to define whether a rule applies to incoming or outgoing traffic. Locking down what comes into computers helps prevent worms and other malicious software from reaching them. Controlling what goes out also matters: it limits what malware that has already reached a computer can send or fetch.
When creating a rule in Sophos Client Firewall, you can choose whether the rule applies to inbound traffic, outbound traffic or both. In the Applications tab:
- select the application that you want to edit
- click 'Custom'
- click 'Add'
- give the rule a name
- select 'Where the direction is'
- in the 'Rule description' window, click the 'Undefined' hyperlink
- select the direction you want the rule to affect (you can select both)
- click 'OK'.
- Stateful inspection
Stateful inspection tracks the connections the computer has opened, so the firewall can tell whether an incoming packet belongs to an existing communication or is unsolicited. An inbound packet that matches no known connection is dropped even if it carries a source address the rules would otherwise trust, which helps defeat IP spoofing attacks.
All rules must take some action when triggered: allow or block. Stateful inspection gives the firewall the context it needs to tell an attacker's packets from the replies a legitimate process is waiting for.
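As an added illustration of the point above, not code from the article or from the Sophos firewall engine, here is a minimal stateful inspection model: outbound connections are allowed by rule and remembered, and inbound packets are accepted only as the reply leg of a remembered connection. The addresses, ports and packet sequence are constructed for the example, and a plain stateless filter is shown alongside to make the spoofing difference concrete.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet header fields; 'direction' is relative to this computer."""
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out" = leaving this computer, "in" = arriving


class StatefulFirewall:
    """Minimal model of stateful inspection (an illustration, not the Sophos engine).

    Outbound traffic is permitted only by explicit rules; every permitted
    outbound connection is remembered. Inbound traffic is permitted only when
    it is the reply leg of a remembered connection.
    """

    def __init__(self, outbound_rules):
        # outbound_rules: set of (proto, remote_port) that the rules allow out.
        self.outbound_rules = set(outbound_rules)
        # known connections as (proto, local_ip, local_port, remote_ip, remote_port)
        self.state = set()

    @staticmethod
    def _key(pkt: Packet):
        """Normalise either direction to the same (local, remote) tuple."""
        if pkt.direction == "out":
            return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def process(self, pkt: Packet) -> str:
        key = self._key(pkt)
        if key in self.state:
            return "allow: part of an existing connection"
        if pkt.direction == "out":
            if (pkt.proto, pkt.dst_port) in self.outbound_rules:
                self.state.add(key)          # remember it so the reply can come back
                return "allow: new outbound connection"
            return "block: no outbound rule"
        # Inbound with no matching state is unsolicited, whatever its source
        # address claims: this is what stops a spoofed 'reply'.
        return "block: unsolicited inbound"


def stateless_inbound_allowed(pkt: Packet, trusted_sources) -> bool:
    """A plain packet filter that trusts a source IP:port cannot tell a real
    reply from a forged one; shown for contrast."""
    return pkt.direction == "in" and (pkt.src_ip, pkt.src_port) in trusted_sources


def scenario():
    """Constructed traffic for one workstation (10.0.0.5) talking to a web
    server (203.0.113.10) and the local DNS server (10.0.0.2)."""
    fw = StatefulFirewall({("tcp", 443), ("udp", 53)})
    packets = [
        Packet("tcp", "10.0.0.5", 50123, "203.0.113.10", 443, "out"),   # browser opens HTTPS
        Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 50123, "in"),    # genuine reply
        Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 50124, "in"),    # forged: right server, no such connection
        Packet("tcp", "198.51.100.7", 4444, "10.0.0.5", 445, "in"),     # unsolicited SMB probe
        Packet("udp", "10.0.0.5", 53001, "10.0.0.2", 53, "out"),         # DNS query
        Packet("udp", "10.0.0.2", 53, "10.0.0.5", 53001, "in"),          # DNS answer
        Packet("tcp", "10.0.0.5", 50200, "198.51.100.7", 6667, "out"),  # no rule allows this out
    ]
    return [fw.process(p) for p in packets], packets


if __name__ == "__main__":
    verdicts, packets = scenario()
    for p, v in zip(packets, verdicts):
        print(f"{p.direction:3s} {p.proto} {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}  {v}")
```

The third packet is the spoofing case: it comes from the address and port of a server the workstation really is talking to, but to a local port with no open connection, so the stateful model blocks it while the stateless check (which trusts 203.0.113.10:443 outright) would let it through.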
If you need more information or guidance, then please contact technical support.
- Article ID: 16800
- Created: 27 Jul 2006
- Last updated: 9 Oct 2008
