Set up a basic firewall policy

By default, the firewall is enabled and blocks all non-essential traffic. Therefore, you should configure it to allow the applications you want to use, and test it before installing it on all computers. See the Sophos Enterprise Console policy setup guide for detailed advice.

For more information about the default firewall settings, see Sophos knowledgebase article 57757.

For information about preventing network bridging, see Device control policy.

Important: When you apply a new or updated policy to computers, applications that were allowed before may be blocked briefly until the new policy is fully applied. You should notify your users about this before you apply new policies.

Note: If you use role-based administration:
  • You must have the Policy setting - firewall right to configure a firewall policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information about role-based administration, see Managing roles and sub-estates.

To set up a basic firewall policy:

  1. In the Policies pane, double-click Firewall.
  2. Double-click the Default policy to edit it.
    The Firewall Policy wizard appears. Follow the instructions on the screen. There is additional information on some of the options below.
  3. On the Configure firewall page, select the type of location:
    • Select Single location for computers that are always on the network, for example, desktops.
    • Select Dual location if you want the firewall to use different settings according to the location where computers are used, for example, in the office (on the network) and out of office (off the network). You may want to set up dual location for laptops.
  4. On the Operational mode page, select how the firewall will handle inbound and outbound traffic. The available modes are:

    Block inbound and outbound traffic
      • Default level. Offers the highest security.
      • Only allows essential traffic through the firewall and authenticates the identity of applications using checksums.
      • To allow applications commonly used in your organization to communicate through the firewall, click Trust. For more information, see About trusting applications.

    Block inbound and allow outbound traffic
      • Offers a lower security level than Block inbound and outbound traffic.
      • Allows your computers to access the network and internet without you having to create special rules.
      • All applications are allowed to communicate through the firewall.

    Monitor
      • Applies the rules that you have set up to network traffic. If traffic has no matching rule, it is reported to the console, and only allowed if it is outbound.
      • Enables you to collect information about your network, and then create suitable rules before deploying the firewall to your computers. For more information, see About using monitor mode.
  5. On the File and printer sharing page, select Allow file and printer sharing if you want to allow computers to share local printers and folders on the network.
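The following is an added model of the three operational modes described in step 4; it is illustrative code, not part of Sophos Enterprise Console. The "essential" ports, the hypothetical application paths and the rule table are constructed assumptions used to show how checksum-authenticated trust, the allow-outbound mode and monitor-mode reporting differ.

```python
import hashlib
from dataclasses import dataclass, field

# Mode names are constructed labels for the three modes on the Operational mode page.
BLOCK_ALL = "block_inbound_and_outbound"
ALLOW_OUT = "block_inbound_allow_outbound"
MONITOR = "monitor"


@dataclass
class Traffic:
    direction: str   # "inbound" or "outbound"
    app_path: str    # hypothetical path of the application generating the traffic
    app_bytes: bytes # hypothetical binary contents, used for the checksum check
    port: int


@dataclass
class Policy:
    mode: str
    # Constructed stand-in for "essential traffic" (DNS and DHCP ports); an assumption.
    essential_ports: set = field(default_factory=lambda: {53, 67, 68})
    trusted_checksums: dict = field(default_factory=dict)  # app_path -> sha256 hex
    rules: dict = field(default_factory=dict)              # (direction, port) -> verdict
    reported: list = field(default_factory=list)           # monitor-mode events


def trust(policy: Policy, app_path: str, app_bytes: bytes) -> None:
    """Models clicking Trust: record the application's checksum, not just its path."""
    policy.trusted_checksums[app_path] = hashlib.sha256(app_bytes).hexdigest()


def app_authenticated(policy: Policy, t: Traffic) -> bool:
    """A trusted path with a changed binary (updated or tampered) no longer matches."""
    expected = policy.trusted_checksums.get(t.app_path)
    return expected is not None and hashlib.sha256(t.app_bytes).hexdigest() == expected


def evaluate(policy: Policy, t: Traffic) -> str:
    """Return "allow" or "block" for one flow under the policy's operational mode."""
    if policy.mode == BLOCK_ALL:
        if t.port in policy.essential_ports:
            return "allow"
        return "allow" if app_authenticated(policy, t) else "block"
    if policy.mode == ALLOW_OUT:
        # Assumption: inbound is still limited to essential traffic in this mode.
        return "allow" if t.direction == "outbound" or t.port in policy.essential_ports else "block"
    if policy.mode == MONITOR:
        verdict = policy.rules.get((t.direction, t.port))
        if verdict is not None:
            return verdict
        policy.reported.append((t.direction, t.app_path, t.port))  # reported to the console
        return "allow" if t.direction == "outbound" else "block"
    raise ValueError(f"unknown mode: {policy.mode}")
```

The `reported` list is what you would review in monitor mode to write rules before switching computers to a blocking mode.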

After you have set up the firewall, you can view firewall events (for example, applications blocked by the firewall) in the Firewall - Event Viewer. For details, see View firewall events.

The number of computers with events over a specified threshold within the last seven days is also displayed on the Dashboard.