To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Displaying and selecting computer firewall profile

mummo
mummo Posts: 3 Security Scout

Hello,

We recently switched from PM+CS to Elements EPP and for life of my I cannot find where is displayed the currently assigned firewall profile of each computer? The second question: How can we assign certain firewall profile to certain specific computer or groups of computers? Do we really need to clone the whole main profile to achieve this? How those profiles can be then maintained without any hierarchy like in PM?

Tagged:

Answers

  • JamesC
    JamesC Staff, Moderator Posts: 559 W/ Moderator

    Hi,

    Profile inheritance does not exist in Elements.

    To set a firewall profile to a computer, you need to copy a profile and change it.

    You can use compare and edit profile feature to help with keeping profiles similar.

  • mummo
    mummo Posts: 3 Security Scout

    Hello,

    Thanks for you comment. Yes, right, there is no hierarchy/inheritance of profiles, but I was wondering if there is some alternative way to handle computer specific firewall rules, because the main profile clone/compare is not really sustainable solution.

    Is it also so, that we cannot see the firewall profile name the client is currently using? If automatic selection of firewall profile based on network location is in use, the selected profile should be visible somewhere - it is possible that the network location detection does not work correctly due to incorrect configuration, leading WithSecure client to select wrong firewall profile. There should be a way to detect this.

  • JamesC
    JamesC Staff, Moderator Posts: 559 W/ Moderator

    Hi,

    This setting has firewall profile: 



    And in main UI , you can see network location :



    So you can use all this data to see what is going on on client.

    If you want to have several computer specific firewall profiles, then using network locations is one possible way.

    You can have one profile and many firewall profiles inside and switch them based on some location rule.

  • mummo
    mummo Posts: 3 Security Scout

    Hello,

    Thanks. Yes, the firewall profile is visible in the client application, but this does not help much the admin who is looking the world from the other end. In PM this is displayed in Status->Overall protection page, but in Elements there seems to be over 100 columns in Devices page, but not the current firewall profile.

    You mentioned that network locations can be used for setting computer specific rule. How do you do that? There is no trigger which would bind the computer identity to network location.

  • JamesC
    JamesC Staff, Moderator Posts: 559 W/ Moderator

    Hi,

    If you want a single rule to be enabled, this is not possible. We only allow entire firewall profile to be switched using Network Location. Is this what you want ?

    Regarding showing selected firewall profile on portal, I have reached out to our product team. This is a good idea and we will add this if it's missing.

This discussion has been closed.

Categories