Issue:
Can I configure the Elements Endpoint Protection (EPP for Computers or EPP for Servers) profile to force the Windows Firewall to turn ON if the end-user has turned it OFF?
Resolution:
The ON/OFF state of the Windows Firewall can be fully controlled from the Elements Endpoint Protection profile settings in Elements Endpoint Protection portal..
To modify the state of the firewall, you can do the following:
- Log in to the Elements Security Center
- Click on See more details under Endpoint Protection
- Go to the Profiles page
- Click on the profile you want to edit (observe that profiles with the READ ONLY flag cannot be edited)
- Select the Firewall page from the options on the left
- Under General settings, set the Use Windows Firewall-setting to the desired mode (to prevent anyone from being able to modify the setting locally, click the lock icon on the extreme right side of the setting, so that the lock is closed)
The Windows Firewall will always follow the setting in Elements Endpoint Protection. Users with sufficient rights can turn the firewall on or off directly through the firewall settings in Windows, but it will be forced back again in a few seconds.
Leaving the setting unlocked in the settings profile will allow for local settings to override the value stated in the profile, see the following examples:
Profile setting: Firewall ON, setting unlocked
Setting in Computer Protection UI: OFF
Result: the Windows Firewall will be forced OFF
Profile setting: Firewall ON, setting unlocked
Setting in Computer Protection UI: ON
Result: the Windows Firewall will be forced ON
Profile setting: Firewall ON, setting locked
Setting in Computer Protection UI: Will be forced ON
Result: the Windows Firewall will be forced ON
Note: Windows Firewall settings and rules created via Group Policy Objects (GPO) can not be overridden by Elements Endpoint Protection profiles.
Article no: 000016070