It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Managed Workplace

Configuring Avast Business Antivirus Policies: Enabling and Configuring Firewall

  • Last updated on

Firewall is available for Workstations only, not Servers.

Firewall monitors all network traffic between devices and the outside world to protect you from unauthorized communication and intrusions.

To Enable Firewall
  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. In the Shields section, move the slider to enable Firewall.
  6. Click Apply Changes.
Defining Firewall Profiles and Networks

Firewall is available for Workstations only, not Servers.

We recommend you apply the Public profile to all networks that are not your private network, such as when you connect to the Internet in a cafe or at an airport.

  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. Click the Customize link in the Firewall section.
  6. Click the Networks tab.
  7. Select a default profile for undefined networks.
  8. To define a network, click Add network, then type a network name and the MAC address of the network router. Select a profile, then click Add.
  9. Repeat step 8 for all networks you want to add.
  10. Click Apply Changes.
To Edit a Network Defined for Firewall
  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. Click the Customize link in the Firewall section.
  6. Click the Networks tab.
  7. In the Network name box, type a name for the network.
  8. In the MAC address of network router box, type the network box's MAC address.
  9. In the Profile box, select a profile.
  10. Click Apply Changes.
To Delete a Network Defined for Firewall
  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. Click the Customize link in the Firewall section.
  6. Click the Networks tab.
  7. Next to the network, click worddav2892ea4392ea185eabf6da33d8e44a2f.png.
  8. Click Apply Changes.
Overriding User-defined Firewall Rules

Firewall is available for Workstations only, not Servers.

Selecting this option lets you control all Firewall rules from Barracuda Managed Workplace.

  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. Click the Customize link in the Firewall section.
  6. Click the Rules tab.
  7. Select Control All Rules through Managed Workplace.
  8. Click Apply Changes.
Defining Firewall Profile System Rules

Firewall is available for Workstations only, not Servers.

We recommend you only change system rules if you have advanced knowledge of firewall concepts or for troubleshooting purposes. Firewall is already configured to provide the appropriate firewall protection for most uses.

  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. Click the Customize link in the Firewall section.
  6. Click the System Rules tab.
  7. To control all system rules through Barracuda Managed Workplace, click the Control All Rules via Managed Workplace check box.
  8. In each of the following sections, select EnabledDisabled, or Decide based on packet rules:
    • Allow Windows File and Printer Sharing—Authorizes other devices in the network to access shared folders and printers on devices.
    • Allow Remote Desktop Connections to this Computer—Authorizes other devices in the network to remotely access and control devices when the Remote Desktop service is enabled.
    • Allow Incoming Ping and Trace Requests (ICMP)—Authorizes incoming Internet Control Message Protocol messages. ICMP is typically used by system tools, such as ping or tracert commands, for diagnostic or control purposes when troubleshooting connectivity issues.
    • Allow Outgoing Ping and Trace Requests (ICMP)—Authorizes outgoing Internet Control Message Protocol messages. ICMP is typically used by system tools, such as ping or tracert commands, for diagnostic or control purposes when troubleshooting connectivity issues.
    • Allow IGMP Traffic—Authorizes multicast communication using the Internet Group Management Protocol, which is required by some media streaming services for more efficient use of resources during activities such as video streaming and gaming.
    • Allow Multicast Traffic—Authorizes applications and services for media streaming when distributing content to groups of multiple recipients in a single transmission, which is necessary for activities such as video-conferencing.
    • Allow DNS—Authorizes communication with Domain Name Servers which enables devices to recognize the IP addresses of the websites you visit.
    • Allow DHCP—Authorizes communication using the Dynamic Host Configuration Protocol to automatically provide network devices and devices with IP addresses and other related configuration information such as the subnet mask and default gateway.
    • Allow VPN Connections via PPTP—Authorizes connections to Virtual Private Networks based on the Point-to-Point Tunneling Protocol. This protocol is known to present numerous security risks.
    • Allow VPN Connections via L2TP-IPSec—Authorizes connections to Virtual Private Networks based on a more secure combination of the Layer 2 Tunneling Protocol and Internet Protocol Security in comparison with the older Point-to-Point Tunneling Protocol.
    • Allow Stealth Mode for Public Networks—prevents attackers from uncovering information about devices and running services when your Firewall is in Public mode, which is the Network profile you should set when you are connected to a public network, such as in a cafe or at an airport.
  9. Click Apply Changes.
Defining Firewall Application Rules

Firewall is available for Workstations only, not Servers.

We recommend you only change application rules if you have advanced knowledge of firewall concepts or for troubleshooting purposes. Firewall is already configured to provide the appropriate firewall protection for most uses.

  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. Click the Customize link in the Firewall section.
  6. Click the Application Rules tab.
To Define a Default Firewall Rule for Applications

You can define a default rule for applications that don't have a specific rule defined. The default rule is applied to any application that doesn't appear in the list on this page.

  1. On the Application Rules tab, select an option in For applications with no defined rules, allow the following:
    • Auto-decide — Firewall allows connections with verified applications, but blocks connections from unknown or suspicious applications.
    • All connections — Firewall allows all connections automatically.
    • No connections — Firewall blocks all connections automatically.
    • Ask user — Firewall asks the end user if they want to allow or block the connection.
  2. Click Apply Changes.
To Apply a Firewall Connection Rule for an Application

You can apply one of the existing Firewall connection rules to an application. If you want to define a custom connection, follow the  To Create a Custom Firewall Connection Rule for an Application procedure.

  1. On the Application Rules tab, click Add application rule.
  2. In Application name box, type a name for the rule.
  3. In the Application path box, type the path to the application, including the application's file extension. For example, C:\Program Files\app.exe.

    To see variables you can use in the application path, click Show system path variables.

  4. Select one of the following options in Allow  Connections:
    • All connections — Allows all incoming and outgoing connections.
    • Internet out only — Allows only outgoing connections to the internet.
    • No connections — Does not allow any connections.
  5. Click Save application  rule.
To Create a Custom Firewall Connection Rule for an Application

When you create a custom Firewall connection rule for an application, three default rules are provided for you:

    • Internet Out — Allows TCP and UDP protocols out.
    • Internet In — Allows TCP and UDP protocols in.
    • Default Rule — Blocks all protocols, out and in, unless a specific rule allows the protocol to communicate. For example, this rule is applied to ICMPv6 by default, blocking ICMPv6 from communicating either in or out. TCP and UDP would be blocked by this rule, however, the other two rules supersede this rule and allow them to communicate.

You can edit or disable any of these three rules, and you can also create additional rules for other protocols.

  1. On the Application Rules tab, click Add application rule.
  2. In Application name box, type a name for the rule.
  3. In the Application path box, type the path to the application, including the application's file extension. For example, C:\Program Files\app.exe.

    To see variables you can use in the application path, click Show system path variables.

  4. In Allow Connections, select Custom.
  5. To add a new rule to the application rule, click Add new rule and do the following:
    • Select the Enabled check box.
    • In the Name box, type a name.
    • In the Action box, select an action.
    • In the Protocol box, select a protocol.
    • In the Direction box, select a direction.
    • In the Address box, type an address.
    • In the Local Port box, type a port number.
    • In the Remote Port box, type a port number.
    • In the ICMP Type box, type the ICMP type.
    • Click Save.
  6. To edit any of the existing rules in the application rule, do the following:
    • Click Edit worddavb795efbaf5948277838768634e5ca080.png and make your changes.
    • Click Save.
  7. To disable a rule in the application rule, do the following:
    • Click Edit  worddav975c39038ea483ac655f33b30eb7f465.png.
    • In the Enabled column, clear the check box.
    • Click Save.

    A disabled rule be enabled at any time.

  8. To delete a rule in the application rule, click worddav9cd030a37f5208df988af2caa0a0249b.png .
  9. Click Save application rule.
  10. Click Apply Changes.
Defining Firewall Advanced Packet Rules

Firewall is available for Workstations only, not Servers.

By default, packet rules are applied in the order they appear on the Advanced Packet Rules page. You can also reorder these rules to change the order in which they are applied.

We recommend you only change packet rules if you have advanced knowledge of firewall concepts or for troubleshooting purposes. Firewall is already configured to provide the appropriate firewall protection for most uses.

  1. Click Configuration > Policies > Avast Antivirus.
  2. Click the name of a policy.
  3. Click the Workstation Settings tab.
  4. Click the Active Protection tab.
  5. Click the Customize link in the Firewall section.
  6. Click the Rules tab.
  7. Click the Advanced packet rules tab.
To Add a New Packet Rule

New packet rules are added to the bottom of the list, giving them the lowest priority.

To change the precedence of a new rule, follow the To Change the Priority of Packet Rules procedure.

  1. Click Add new rule.
  2. Do the following:
    • In the Enabled column, select the Enabled check box.
    • In the Name column, type a name.
    • In the Action column, select an option.
    • In the Protocol column, select a protocol.
    • In the Direction column, select a direction.
    • In the Address column, type an address.
    • In the Local Port column, type a port number.
    • In the Remote Port column, type a port number.
    • In the ICMP Type column, type the ICMP type.
    • In the Profile column, select a profile.
  3. Click Save worddavaaf476f02c4655b9c6e0842af37d5c81.png.
  4. Click Apply Changes.
To Edit a Packet Rule

You can edit the custom rules you've created. Default packet rules are not available to edit.

  1. On the Advanced packet rules tab, click Edit worddavb795efbaf5948277838768634e5ca080.png next to any custom rule you have created.
  2. Do any of the following:
    • In the Enabled column, select the Enabled check box.
    • In the Name column, type a name.
    • In the Action column, select an option.
    • In the Protocol column, select a protocol.
    • In the Direction column, select a direction.
    • In the Address column, type an address.
    • In the Local Port column, type a port number.
    • In the Remote Port column, type a port number.
    • In the ICMP Type column, type the ICMP type.
    • In the Profile column, select a profile.
  3. Click Save worddavaaf476f02c4655b9c6e0842af37d5c81.png.
  4. Click Apply Changes.
To Disable a Packet Rule
  1. On the Advanced packet rules tab, click Edit worddavb795efbaf5948277838768634e5ca080.png next to any custom rule you have created.
  2. In the Enabled column, clear the check box.
  3. Click Save worddavaaf476f02c4655b9c6e0842af37d5c81.png.
  4. Click Apply Changes.
To Delete a Packet Rule
  1. On the Advanced packet rules tab, click Delete worddav2892ea4392ea185eabf6da33d8e44a2f.png next to any custom rule you have created.
  2. Click Save.
  3. Click Apply Changes.
To Change the Priority of Packet Rules

Packet rules are listed in order of priority, which means that although multiple rules may relate to one packet, the rule which appears highest in the table is always applied first.

For example, if a rule at the top of the list blocks Windows Networking In, and you add a rule lower down on the list that allows Windows Networking In, the first rule will take precedence. Windows Networking In will be blocked.

We recommend you only change packet rules if you have advanced knowledge of firewall concepts or for troubleshooting purposes. Firewall is already configured to provide the appropriate firewall protection for most uses.

The following procedure lets you change the priority of packet rules.

  1. On the Advanced packet rules tab, in the list of packets rules, click the packet rule you want to move.
  2. Do either of the following:
    • To move a rule up in the list, click Move  up.
    • To move a rule down in the list, click Move  down.
  3. Repeat steps 1-2 until the rules are in the order you want them.
  4. Click Apply Changes.
Last updated on