Issue:
How does the firewall automatic selection in Policy Manager work? How to set up the automatic selection profile?
Resolution:
To set the firewall automatic selection profile changes to work, create the auto select rule based on conditions such as gateway IP, DNS, etc.
As an example, when the Windows Firewall profile is changed to different networks (public, private, domain), there is network change happening too. This can be used as the condition for firewall automatic selection rule to trigger.
- When a host is connected to Domain network, it will use default firewall profile "Office, file and printer sharing".
- When a host is connected to Public network and assign to DHCP IP address, it will switch to firewall profile "Server".
- When a host is connected to Private network that communicate to gateway IP (Example: 192.168.1.103), it will switch to firewall profile "My test firewall profile".
Note: The firewall automatic selection is based on rules priority. The rule consists of two conditions:
Method1/Argument1 and Method2/Argument2.
When both conditions are met, the profile specified in the rule is selected. The rules are evaluated whenever changes in the network interfaces are detected, and the rule with the highest priority is applied in case there are more than one matching rule.
If none of the rules match, the profile will remain unchanged. Therefore a fallback rule, with both methods set to Always, is usually put at the bottom of the rule set.
Supported methods and arguments:
- Never: Never true (argument ignored)
- Always: Always true (argument ignored)
- DNS Server IP Address: IP address given as the argument matches with a DNS server
- DHCP Server IP Address: IP address given as the argument matches with a DHCP server
- Default Gateway IP Address: IP address given as the argument matches with the default gateway
- My Network: IP address given as the argument falls within the LAN subnet of the host
- Dialup: A dial-up connection is open (argument ignored)
In IP address arguments, the asterisk (*) may be used as a wildcard, but only in place of whole pieces of the address. For instance 172.16.*.*, but not 172.16.*10.* or 172.16.*.
Example:
Method1 = Default Gateway IP Address
Argument1 = 123.12.0.1
Note: The Argument value is irrelevant for Always, Never and Dialup methods.
How to configure My Network rule in Policy Manager autoselect: How to configure MyNetwork rule in Policy Manager autoselect - WithSecure Community
Article no: 000013127