Recommended settings
When setting up your firewall policy, consider the following:
- When Sophos Client Firewall is installed, Windows Firewall is turned off. Therefore, if you were using the Windows Firewall, make a note of existing configurations and move them to Sophos Client Firewall.
- Use the Allow by default mode to detect but not block traffic, applications, and processes. Initially defining a report-only policy enables you to gain a better view of network activity.
- Use the firewall Event Viewer to view which traffic, applications, and processes are being used. The Event Viewer also allows you to easily create rules that allow or block reported traffic, applications, and processes. You can access the Event Viewer by clicking .
- Review the rules created via the Event Viewer. An application may trigger multiple firewall events (different events for different actions performed by the application) but an application rule must cover all application actions. For example, an email client may trigger two different events when sending email and receiving email, but an application rule for that client must deal with both these actions.
- Allow the use of a web browser, email, file and printer sharing.
- We recommend that you do not change the default ICMP settings, global rules, and application rules unless you are knowledgeable about networking.
- We recommend that you create application rules rather than global rules whenever possible.
- Do not use the Interactive mode in a policy in which dual location is set up.
- Do not use the Interactive mode on large or medium-sized networks and in domain environments. The Interactive mode may be used to create firewall rules on very small networks (for example, up to 10 computers) in workgroup environments and on standalone computers.