When setting up a new firewall policy for your devices, the settings default is to allow the end user to select the appropriate firewall profile the first time they connect to any given network. If you need to be more restrictive, you can hide the profile selection from the user to enforce rules for known or unknown networks. Devices running a firewall policy will have access to the Flextivity Application Monitor, which shows employees how their applications are using the network.
With more employees on the go, laptops in the office have become commonplace. Whether the laptop is provided by the company, or is BYOD (Bring Your Own Device), location based rules let you strike a balance between protection and leniency. For example, you may want to use a web filtering policy in the workplace to prevent inappropriate surfing, but allow employees to surf as they wish when they go home at the end of the day. You can create special rules based on where a computer is located, assuming that you know the wireless network that your computers will be using.
Click the "Manage Locations" button under Location Rules to create and edit the locations you are using. You can add a location based on the Wireless Network Name or the Wireless Network Base Identifier. Click "Add" once you have configured your location to add it to the list.
Disabled - The firewall is turned off. There will be no restrictions on which devices can connect with this computer. This setting is NOT recommended.
Hidden - Your end user will essentially be unaware that a firewall is present. They will NOT be notified when the network they are connected to changes and there is one firewall profile active at all times. This is a good choice if your end user has a desktop computer that isn't portable or if they may be intimidated or confused if they are notified that the active network has changed. The default firewall profile is highly secure, blocking all incoming connections from both the local network and the Internet. You may optionally create exceptions for specific applications or devices on your local network.
Selectable - Your end user will have a set of default firewall profiles (public, work and home) and will be able to select which of those profiles is active when the network they are connected to changes. They will only be asked the first time they connect to a new network. For example, the first time they connect their computer to their home network they may select the "Home" profile. Thereafter, whenever they come home they will be notified that the profile has changed but will not need to select a profile again.
The three default profiles are:
- Home: A highly trusted network. The firewall allows the computer to function as a client and local network server. The computer can access the Internet as a client computer, and as both a client and a server on a local network.
- Work: A trusted network with many people and devices connected. The firewall allows your computer to function as a client and local network server. Applications are not automatically 'Allowed', and you will be asked to approve undefined application behavior.
- Public: Any network where you are sharing a connection with people you do not know. The firewall allows your computer to function only as a client on a local network or the Internet. The server and file-sharing functions of your computer are blocked. Applications are not automatically 'Allowed', and you will be asked to approve undefined application behavior.
In addition to the default profiles, you can create your own firewall profiles by clicking the 'Add Firewall Profile' option. You can configure incoming and outgoing connections, as well as create exceptions for a specific Address, Protocol, or Port.