Firewall is available for Workstations only, not Servers.
Firewall monitors all network traffic between devices and the outside world to protect you from unauthorized communication and intrusions.
To Enable Firewall
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- In the Shields section, move the slider to enable Firewall.
- Click Apply Changes.
To define Firewall Profiles and Networks
The two profiles you can assign to defined networks are:
- Private (Trusted)—Provides a lower level of security.
- Public (Not trusted)—Provides a higher level of security.
We recommend you apply the Public profile to all networks that are not your private network, such as when you connect to the Internet in a cafe or at an airport.
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Networks tab.
- Select a default profile for undefined networks.
- To define a network, click Add new network, then type a network name and the MAC address of the network router. Select a profile, then click Add.
- Repeat the previous step for each network you want to add.
- Click Apply Changes.
To Edit a Network Defined for Firewall
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Networks tab.
- In the Network name box, type a name for the network.
- In the MAC address of network router box, type the network router's MAC address.
- In the Profile box, select a profile.
- Click Apply Changes.
To Delete a Network Defined for Firewall
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Networks tab.
- Next to the network, click .
- Click Apply Changes.
To override user-defined Firewall rules
Selecting this option lets you control all Firewall rules from Barracuda RMM.
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Firewall Rules tab.
- Select Control All Rules through Managed Workplace.
- Click Apply Changes.
To define Firewall profile system rules
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Firewall Rules tab.
- To control all system rules through Barracuda RMM, click the Control All Rules via Barracuda RMM check box.
- In each of the following sections, select Enabled, Disabled, or Decide based on packet rules:
  - Allow Windows File and Printer Sharing (Private) and Allow Windows File and Printer Sharing (Public)—Authorizes other devices in the network to access shared folders and printers on devices.
  - Allow Remote Desktop Connections to this Computer (Private) and Allow Remote Desktop Connections to this Computer (Public)—Authorizes other devices in the network to remotely access and control devices when the Remote Desktop service is enabled.
  - Allow Incoming Ping and Trace Requests (ICMP) (Private) and Allow Incoming Ping and Trace Requests (ICMP) (Public)—Authorizes incoming Internet Control Message Protocol messages. ICMP is typically used by system tools, such as ping or tracert commands, for diagnostic or control purposes when troubleshooting connectivity issues.
  - Allow Outgoing Ping and Trace Requests (ICMP) (Private) and Allow Outgoing Ping and Trace Requests (ICMP) (Public)—Authorizes outgoing Internet Control Message Protocol messages. ICMP is typically used by system tools, such as ping or tracert commands, for diagnostic or control purposes when troubleshooting connectivity issues.
  - Allow IGMP Traffic (Private) and Allow IGMP Traffic (Public)—Authorizes multicast communication using the Internet Group Management Protocol, which is required by some media streaming services for more efficient use of resources during activities such as video streaming and gaming.
  - Allow Multicast Traffic (Private) and Allow Multicast Traffic (Public)—Authorizes applications and services for media streaming when distributing content to groups of multiple recipients in a single transmission, which is necessary for activities such as video-conferencing.
  - Allow DNS (Private) and Allow DNS (Public)—Authorizes communication with Domain Name Servers, which enables devices to recognize the IP addresses of the websites you visit.
  - Allow DHCP (Private) and Allow DHCP (Public)—Authorizes communication using the Dynamic Host Configuration Protocol to automatically provide network devices with IP addresses and other related configuration information such as the subnet mask and default gateway.
  - Allow VPN Connections via PPTP (Private) and Allow VPN Connections via PPTP (Public)—Authorizes connections to Virtual Private Networks based on the Point-to-Point Tunneling Protocol. This protocol is known to present numerous security risks.
  - Allow VPN Connections via L2TP-IPSec (Private) and Allow VPN Connections via L2TP-IPSec (Public)—Authorizes connections to Virtual Private Networks based on a more secure combination of the Layer 2 Tunneling Protocol and Internet Protocol Security in comparison with the older Point-to-Point Tunneling Protocol.
- Click Apply Changes.
To edit Firewall application rules
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Firewall Rules tab.
- Click the Application Rules tab.
To define a default Firewall rule for applications
You can define a default rule for applications that don't have a specific rule defined. The default rule is applied to any application that doesn't appear in the list on this page.
- On the Application Rules tab, select an option in For applications with no defined rules, allow the following:
  - Auto-decide — Firewall allows connections with verified applications, but blocks connections from unknown or suspicious applications.
  - All connections — Firewall allows all connections automatically.
  - No connections — Firewall blocks all connections automatically.
  - Ask user — Firewall asks the end user if they want to allow or block the connection.
- Click Apply Changes.
To apply a Firewall connection rule for an application
You can apply one of the existing Firewall connection rules to an application. If you want to define a custom connection, follow the To Create a Custom Firewall Connection Rule for an Application procedure.
- On the Application Rules tab, click Add application rule.
- In the Application name box, type a name for the rule.
- In the Application path box, type the path to the application, including the application's file extension. For example, C:\Program Files\app.exe.
- Select one of the following options in Allow Connections:
  - All connections—Allows all incoming and outgoing connections.
  - Internet in only—Allows only incoming connections.
  - Internet out only—Allows only outgoing connections to the internet.
  - No connections—Does not allow any connections.
- Click Save application rule.
To create a custom Firewall connection rule for an application
When you create a custom Firewall connection rule for an application, three default rules are provided for you:
- Internet Out — Allows TCP and UDP protocols out.
- Internet In — Allows TCP and UDP protocols in.
- Default Rule — Blocks all protocols, out and in, unless a specific rule allows the protocol to communicate. For example, this rule is applied to ICMPv6 by default, blocking ICMPv6 from communicating either in or out. TCP and UDP would also be blocked by this rule; however, the other two rules supersede it and allow them to communicate.
You can edit or disable any of these three rules, and you can also create additional rules for other protocols.
- On the Application Rules tab, click Add application rule.
- In the Application name box, type a name for the rule.
- In the Application path box, type the path to the application, including the application's file extension. For example, C:\Program Files\app.exe.
- In Allow Connections, select Custom.
- To add a new rule to the application rule, click Add new rule and do the following:
  - Select the Enabled check box.
  - In the Name box, type a name.
  - In the Action box, select an action.
  - In the Protocol box, select a protocol.
  - In the Direction box, select a direction.
  - In the Address box, type an address.
  - In the Local Port box, type a port number.
  - In the Remote Port box, type a port number.
  - In the ICMP Type box, type the ICMP type.
  - Click Save.
- To edit any of the existing rules in the application rule, click Edit and make your changes. Click Save.
- To disable a rule in the application rule, click Edit. In the Enabled column, clear the check box. Click Save.
- To delete a rule in the application rule, click .
- Click Save application rule.
- Click Apply Changes.
To define Firewall advanced packet rules
By default, packet rules are applied in the order they appear on the Advanced Packet Rules page. To change the order they are applied, reorder these rules on the Advanced Packet Rules page.
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Firewall Rules tab.
- Click the Advanced packet rules tab.
To add a new packet rule
New packet rules are added to the bottom of the list, giving them the lowest priority.
To change the precedence of a new rule, follow the To Change the Priority of Packet Rules procedure.
- Click Add new rule.
- Do the following:
  - Select the Enabled check box.
  - Type a name.
  - In Action, select an option.
  - In Protocol, select a protocol.
  - In Direction, select a direction.
  - In Address, type an address.
  - In Remote Port, type a port number.
  - In Local Port, type a port number.
  - Type the ICMP Type.
  - In Profile, select a profile.
  - Click Save.
- Click Apply Changes.
To edit a packet rule
You can edit the custom rules you've created. Default packet rules are not available to edit.
- On the Advanced packet rules tab, click Edit next to any custom rule you have created.
- Do any of the following:
  - Select the Enabled check box.
  - Type a Name.
  - In Action, select an option.
  - In Protocol, select a protocol.
  - In Direction, select a direction.
  - In Address, type an address.
  - In Remote Port, type a port number.
  - In Local Port, type a port number.
  - Type the ICMP Type.
  - In Profile, select a profile.
  - Click Save.
- Click Apply Changes.
To disable a packet rule
- On the Advanced packet rules tab, click Edit next to any custom rule you have created.
- In the Enabled column, clear the check box.
- Click Save.
- Click Apply Changes.
To delete a packet rule
- On the Advanced packet rules tab, click Delete next to any custom rule you have created.
- Click Save.
- Click Apply Changes.
To change the priority of packet rules
Packet rules are listed in order of priority, which means that although multiple rules may relate to one packet, the rule which appears highest in the table is always applied first.
For example, if a rule at the top of the list blocks Windows Networking In, and you add a rule lower down on the list that allows Windows Networking In, the first rule will take precedence. Windows Networking In will be blocked.
The following procedure lets you change the priority of packet rules.
- On the Advanced packet rules tab, in the list of packet rules, click the packet rule you want to move.
- Do either of the following:
  - To move a rule up in the list, click Move up.
  - To move a rule down in the list, click Move down.
- Repeat steps 1-2 until the rules are in the order you want them.
- Click Apply Changes.
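The first-match behaviour described above can be checked before you reorder rules. The following is an added example, not Barracuda RMM or Avast code: a simplified model of an ordered packet rule list that reports lower rules an earlier rule always overrides. The names PacketRule, covers, first_match, shadowed and move_up are hypothetical, only a subset of the form's fields is modelled, and it assumes an empty field matches anything and disabled rules are skipped.

```python
from dataclasses import dataclass, asdict
from typing import Optional

FIELDS = ("protocol", "direction", "local_port", "profile")

@dataclass(frozen=True)
class PacketRule:
    # Subset of the Advanced packet rules form; None means "any" (assumption).
    name: str
    action: str                      # "Allow" or "Block"
    protocol: Optional[str] = None
    direction: Optional[str] = None  # "In" or "Out"
    local_port: Optional[int] = None
    profile: Optional[str] = None    # "Private" or "Public"
    enabled: bool = True

def covers(rule, values):
    """True when every field the rule sets equals the value in `values`."""
    return all(getattr(rule, f) in (None, values[f]) for f in FIELDS)

def first_match(rules, packet):
    """Return the highest enabled rule matching the packet; it alone is applied."""
    return next((r for r in rules if r.enabled and covers(r, packet)), None)

def shadowed(rules):
    """List (lower rule, higher rule) pairs where the lower rule never takes effect."""
    active = [r for r in rules if r.enabled]
    found = []
    for i, later in enumerate(active):
        blocker = next((e for e in active[:i] if covers(e, asdict(later))), None)
        if blocker:
            found.append((later.name, blocker.name))
    return found

def move_up(rules, name):
    """Return a copy of the list with the named rule one position higher."""
    i = next(k for k, r in enumerate(rules) if r.name == name)
    out = list(rules)
    if i > 0:
        out[i - 1], out[i] = out[i], out[i - 1]
    return out

# Constructed sample list; the TCP 445 values are illustrative only.
RULES = [
    PacketRule("Block Windows Networking In", "Block", "TCP", "In", 445),
    PacketRule("Allow UDP Out", "Allow", "UDP", "Out"),
    PacketRule("Allow Windows Networking In (Private)", "Allow", "TCP", "In", 445, "Private"),
]
```

Run shadowed() on the list before applying changes: a narrower rule placed above a broader one is not reported, while a narrower rule placed below a broader one is.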
To set advanced Firewall options
There are no corresponding Barracuda RMM alerts for the new system rules at this time.
- Click Service Delivery > Policies > Avast Antivirus.
- Click the name of a policy.
- Click the Workstation Settings tab.
- Click the Active Protection tab.
- Click the Customize link in the Firewall section.
- Click the Advanced tab.
- Slide the slider to enable any of the following:
  - Leak Protection—prevents attackers from uncovering information about devices and running services when your Firewall is in Public mode, which is the Network profile you should set when you are connected to a public network, such as in a cafe or at an airport. Formerly known as Allow Stealth Mode for Public Networks.
  - Port Scan Alerts—sends you a warning if an individual or application scans your computer for open ports.
  - ARP Spoofing Alerts—sends you a warning if an individual attempts to intercept your network traffic via an Address Resolution Protocol (ARP) spoofing attack. In ARP spoofing, an attacker exploits ARP to trick the devices on a network into communicating with an external device that the attacker controls.
- Click Apply Changes.