Firewall
Firewall rules are security rule sets that implement control over users, applications or network objects in an organization. Using Firewall rules, you can create blanket or specialized traffic transit rules based on your requirements. Firewall rules provide centralized management for the entire set of device security Firewall rules. Sophos Central Firewall Manager provides a single pane of management to secure all enterprise applications, using configuration templates for the various types of Firewall rules.
The following sections provide more information on the Firewall section.
Introduction
Managing Firewall Rules
Default Firewall Rules
Understanding Icons
Understanding List of Firewall Rules
Introduction
Firewall rules are based on the following configurable templates:
1. Business Application Rule
2. User/Network Rule
Managing Firewall Rules
You can see the entire list of added Firewall rules on the Firewall page. From the same page, you can update existing Firewall rules or add new ones.
The Firewall page provides the following action buttons:
IPv4: Select to show only IPv4 Firewall rules.
IPv6: Select to show only IPv6 Firewall rules.
Enable Filter: Select to open the filter view and apply the following filters to IPv4 or IPv6 Firewall rules:
1. Rule Type - Select to filter rules by type: Business, User or Network.
2. Source Zone - Select to filter rules by source zone: LAN, WAN, DMZ, VPN or WiFi.
3. Destination Zone - Select to filter rules by destination zone: LAN, WAN, DMZ, VPN or WiFi.
4. State - Select to filter rules by state: Unused, Disabled, Changed or New.
5. Rule ID - Specify a Rule ID to see that specific rule.
Reset Filter (available only when the filter is enabled) - Select to reset all filters.
Disable Filter (available only when the filter is enabled) - Select to close the filter view.
+ Add Firewall Rule - Select to add a new Firewall Rule of either type: Business Application Rule or User/Network Rule.
Default Firewall Rules
The following default Firewall Rules are created on first-time deployment of CFM (Sophos Central Firewall Manager):
1. Auto added firewall policy for MTA
* Default Firewall Rules cannot be deleted.
Understanding Icons
There are various action icons as well as symbolic icons on the Firewall page. The color codes, meanings and associated actions of the icons are listed below.
Icon meanings:
Business Application Rule Enabled
Business Application Rule Disabled
User Rule Disabled + Action - Accept
User Rule Disabled + Action - Drop/Reject
User Rule Enabled + Action - Drop/Reject
User Rule Enabled
Network Rule Enabled
Network Rule Disabled + Action - Accept
Network Rule Disabled + Action - Drop/Reject
Network Rule Enabled + Action - Drop/Reject
Anti-Virus Scanning Disabled
Anti-Virus Scanning Enabled
Application Control Disabled
Application Control Allow All
Application Control Deny All
Application Control Drop
Security Heartbeat Disabled / No Restriction
Security Heartbeat Enabled - Green
Security Heartbeat Enabled - Yellow
Security Heartbeat - No Restriction + No Heartbeat
Security Heartbeat - No Restriction + Green
Security Heartbeat - No Restriction + Yellow
Intrusion Prevention Disabled
Intrusion Prevention Enabled
NAT Disabled
NAT Enabled
Traffic Shaping Policy Disabled
Traffic Shaping Policy Enabled
Web Policy Disabled
Web Policy Allow
Web Policy Deny
Web Policy Drop
Routing Enabled
Routing Disabled
Firewall Rule enabled. Click to disable the rule.
Firewall Rule disabled. Click to enable the rule.
Edit Rule
Delete Rule
Color Codes:
Red - Reject/Drop
Green - Accept/Allow
Yellow - Drop (in the case of policies)
Blue - On/Enabled
Grey - Off/Disabled
Understanding List of Firewall Rules
All added Firewall Rules are shown as a list. Each Firewall Rule in the list presents a quick snapshot of the rule.
Details of the rule:
Rule Name: Name of the rule.
Firewall Rule Features: Status of schedule, Heartbeat, IPS and traffic shaping.
Source: Source zone.
Destination: Destination zone.
What: Displays the protected domains/services.
Action: Status of protected servers, and status of web and application protection for users.
ID: Rule ID.
User's Policy Applied: Status of application filter, web policy, AV and AS scanning, NAT policy and route through gateway, if configured.
To view details of the Source, Destination, What (type of service) and Features, hover over the Features entry.
Click for the following options to appear:
Edit
Clone
Add User/Network Rule
Add Business Application Rule
Synchronize
Delete
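The filter view (Rule Type, Source Zone, Destination Zone, State, Rule ID) and the per-rule snapshot columns described above can be modelled to script a review of a rule set. The following is an added example, not code from Sophos Central Firewall Manager: the rule names, IDs, feature flags and the extra "Active" state are constructed assumptions, and the two audit helpers (inbound Accept rules without IPS or AV, and Unused/Disabled rules) are the checks a reviewer would typically run over such a list.

```python
from dataclasses import dataclass, field
# Constructed sample rules modelled on this page's filter fields and list columns
# (rule type, source/destination zone, state, rule ID, action, features). Names, IDs
# and flags are invented; "Active" is an assumed state for rules matching no filter state.
@dataclass
class FirewallRule:
    rule_id: int
    name: str
    rule_type: str          # "Business", "User" or "Network"
    source_zone: str        # LAN, WAN, DMZ, VPN or WiFi
    destination_zone: str
    action: str             # "Accept", "Drop" or "Reject"
    state: str              # "Unused", "Disabled", "Changed", "New" or assumed "Active"
    enabled: bool = True
    features: dict = field(default_factory=dict)  # e.g. {"IPS": True, "AV": False}

SAMPLE_RULES = [
    FirewallRule(1, "Mail relay inbound", "Business", "WAN", "DMZ", "Accept", "Active",
                 features={"IPS": True, "AV": True, "Heartbeat": False}),
    FirewallRule(2, "Guest WiFi to Internet", "User", "WiFi", "WAN", "Accept", "Changed",
                 features={"IPS": False, "AV": False, "Heartbeat": False}),
    FirewallRule(3, "Block DMZ to LAN", "Network", "DMZ", "LAN", "Drop", "Active"),
    FirewallRule(4, "Legacy VPN access", "Network", "VPN", "LAN", "Accept", "Unused",
                 enabled=False, features={"IPS": True, "AV": False, "Heartbeat": False}),
    FirewallRule(5, "Partner portal publishing", "Business", "WAN", "LAN", "Accept", "New",
                 features={"IPS": False, "AV": False, "Heartbeat": False}),
]

def filter_rules(rules, rule_type=None, source_zone=None, destination_zone=None,
                 state=None, rule_id=None):
    """Apply the Firewall page's filter view; a None criterion means 'no filter'."""
    def keep(r):
        return ((rule_type is None or r.rule_type == rule_type)
                and (source_zone is None or r.source_zone == source_zone)
                and (destination_zone is None or r.destination_zone == destination_zone)
                and (state is None or r.state == state)
                and (rule_id is None or r.rule_id == rule_id))
    return [r for r in rules if keep(r)]

def unprotected_inbound(rules):
    """Enabled Accept rules from WAN into LAN or DMZ with neither IPS nor AV scanning."""
    return [r for r in rules
            if r.enabled and r.action == "Accept" and r.source_zone == "WAN"
            and r.destination_zone in ("LAN", "DMZ")
            and not (r.features.get("IPS") or r.features.get("AV"))]

def stale_rules(rules):
    """Rules that are Unused, Disabled or switched off: candidates for clean-up review."""
    return [r for r in rules if r.state in ("Unused", "Disabled") or not r.enabled]
```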