How to block unknown high ports in F-Secure 14.X

Everson

How do I block:
High port output connections
Incoming SMB and Windows Network Connections from 0.0.0.0/0
In this version Firewall does not obey the priority order as version 13X.

In version 13X I have a rule that releases ports from my internal services and branch IPs.
And another rule below that I deny anything other than that.

I ask this because I found an application running on the user's computer that uses TCP out port 32234, in F-Secure 13X it blocks these ports correctly, because the firewall has to block unknown ports

In version 14X, the application is able to connect to an internet host, but should block because it has not been expressly released.

Replacing the F-Secure firewall in Windows, in my opinion, was a very big comeback.

And as far as I could tell, F-Secure 14X Firewalll generates no alerts.

MonikaL

Hi Everson,

 

I will check on this with the relevant team and update you accordingly.

 

Thanks.

MonikaL

Hi Everson,

 

1. There is ”block all other rules” checkbox which allows to disable all other rules and leave only defined ones active.
2. admin can select default action as “block” so only allowed rules will be allowing traffic.
3. admin can define strict allow rule which will allow only “low” ports and don’t allow rest.

 

Will that be enough?

 

We are also working on bringing Firewall alerts back to clients, so this will be fixed.

MJ-perComp

Hi Evenson,
I'd be interested in your ruleset. can you post a screenshot?

Somehow I can't get rid of the feeling that there is a  misunderstanding leading you into a complete misconception of a local firewall.

 

What threat exactly do you want to protect from?