skip to main content

Using Deep Freeze Cloud Console : Legacy Anti-Virus Service : Firewall Protection Tab
Firewall Protection Tab
Configure the following settings:
Firewall Protection Settings
Enable Firewall Protection - select the check box to enable Firewall Protection. Firewall Protection prevents hackers or malicious software from gaining access to your computer through the Internet or the network.
Allow users to disable firewall - select this option to allow users to disable the firewall at the computer.
Enable intrusion detection system - select this option to enable the Intrusion Detection System. The Intrusion Detection System (IDS) is used to allow or block network activity based on a defined Intrusion Detection Rule.
 
 
Firewall Logging
Log port scans - Select the check box to log all attempts at scanning ports over your network. The port scan data will be stored in the log file.
Log packets going to unopen ports - Select the check box to log data packets going to unopen ports. This data is useful to analyze the attempts to communicate with unopen ports in the network.
 
 
Firewall Rules
Configure settings for Program Rules, Network Rules, Advanced Rule, Intrusion Rules, and Trusted Zones.
Program Rules
Program Rules define the action taken by the firewall on the network activity to and from an application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted.
Click Add to add a new Program Rule. Specify or select the options and click OK. The following parameters are displayed:
Name - name of the rule.
Program - name of the program, including full path and extension.
Trusted Zone Inbound - the action to be taken for inbound communication to the program in a Trusted Zone (Allow, Block or Prompt).
Trusted Zone Outbound - the action to be taken for outbound communication from the program in a Trusted Zone (Allow, Block or Prompt).
Untrusted Zone Inbound - the action to be taken for inbound communication to the program in an Untrusted Zone (Allow, Block or Prompt).
Untrusted Zone Outbound - the action to be taken for inbound communication from the program in an Untrusted Zone (Allow, Block or Prompt).
Click the Edit icon to modify or click the Delete icon to delete.
Network Rules
Network Rules define the action taken by the firewall on the network activity. Click Add to add a new Network Rule. Specify or select the options and click OK. The following parameters are displayed:
The following parameters are displayed:
Name - name of the protocol.
Description - description of the protocol.
Trusted Zone Inbound - the action to be taken for inbound communication to the protocol in a Trusted Zone (Allow, Block or Prompt).
Trusted Zone Outbound - the action to be taken for outbound communication from the protocol in a Trusted Zone (Allow, Block or Prompt).
Untrusted Zone Inbound - the action to be taken for inbound communication to the protocol in an Untrusted Zone (Allow, Block or Prompt).
Untrusted Zone Outbound - the action to be taken for inbound communication from the protocol in an Untrusted Zone (Allow, Block or Prompt).
 
Advanced Rules
Advanced Rules define the action taken by the firewall for the specified application, port or protocol. This may include a single or a combination of protocol, local or remote ports, and direction of traffic. You can add, edit or delete an advanced rule.
Click Add to add a new Advanced Rule. Specify or select the options and click OK. The following parameters are displayed in the Advanced Rules pane:
 
Name - name of the rule.
Program - name of the program and path.
Action - the action taken by the Firewall for communication from the specified application, port or protocol (Allow, Block or Prompt).
Direction - the direction of communication (Both, In or Out).
Protocol - the name of the protocol.
Local Port - details of the local port.
Remote Port - details of the remote port.
Click the Edit icon to modify or click the Delete icon to delete.
Intrusion Rules
The Intrusion Detection System (IDS) is used to allow or block network activity based on a defined Intrusion Detection Rule. Specify the action (Allow or Block) in the Intrusion Detection Rules pane for each rule that is categorized as High, Medium or Low priority on this screen. Click Edit to edit or Delete to delete a pre-existing rule.
Click Add to add a new Intrusion Detection Rule. Specify or select the options and click OK. The following parameters are displayed when you click Add:
Enabled - select if this rule is to be enabled.
Priority - select if the priority is High, Medium or Low.
Category - select the category (such as bad-unknown, attempted-admin, attempted-dos, or attempted-recon).
Snort Rule- specify the snort rule. For more information on Snort rules, visit www.snort.org/snort/faq.
Click the Edit icon to modify or click the Delete icon to delete.
Trusted Zones
Trusted Zones specify computers, networks and IP addresses that are trusted. Trusted Zones and Internet (Non-Trusted) Zones can be treated differently by Program and Network Rules.
Click Add to add a new Trusted Zone. Specify or select the options and click OK. The following parameters are displayed:
Name - name of the Trusted Zone.
Description - description of the Trusted Zone.
Type - type of the Trusted Zone (IP Address, Address Range or Network).
Click the Edit icon to modify or click the Delete icon to delete.
Advanced Firewall Protection Settings
Enable Process protection- select this option to enable process protection. This feature is used to set the action for unknown code injectors and to add your own allowed code injectors based on the settings in the Process Protection pane.
Enable boot time protection- select this option to enable boot time protection. Boot time protection protects your computer when it starts, blocking traffic from occurring before Windows has a chance to open.
 
Process Protection
The Process Protection property page is used to set the action for unknown code injectors and to add your own allowed code injectors. Processes are protected by preventing one program from injecting code into another program. In some cases, you may want to allow this by specifying the program that is allowed to inject code into another.
Code Injection - select Allow or Block.
Click Add to add a new Code Injector. Specify or select the options and click OK. The following parameters are displayed:
Injector name- specify the name of the injector.
Program path- browse to select the program.
Click the Edit icon to modify or click the Delete icon to delete.