Configure Windows Firewall settings

The Agent Settings tool also lets you create, configure, and deploy Windows Firewall settings to manage the Windows Firewall on target devices.

To create Windows Firewall settings
  1. Click Tools > Configuration > Agent Settings.
  2. Right-click Security > Windows Firewall, click New, select the desired Windows platform, and then click OK.

Once configured, you can deploy settings to target devices with an installation or update task, or a change settings task.

Windows Firewall help

About the Create Windows Firewall settings dialog box

Use this dialog box to configure Windows Firewall settings. Windows Firewall settings are associated with a change settings task that enables or disables the firewall and configures firewall settings, including exceptions, inbound rules, and outbound rules (for services, ports, and programs).

You can use this feature to deploy a Windows Firewall configuration on the following Windows versions:

  • Windows 2003
  • Windows XP (SP2 or later)
  • Windows Vista and later

About the Windows Firewall (XP/2003): General page

Use this page to define firewall general settings.

About the Windows Firewall (XP/2003): Exceptions page

Use this page to configure firewall exceptions.

This dialog contains the following options:

  • Current exceptions: Lists programs, ports, and services whose connection/communication is not being blocked by the firewall. The firewall prevents unauthorized access to devices, except for the items in this list.
  • Add program: Lets you add a specific program to the exception list to allow communication.
  • Add port: Lets you add a specific port to the exception list to allow communication.
  • Edit: Lets you edit the selected exception's properties, including the scope of affected devices.
  • Delete: Removes the selected exception from the list.
  • OK: Saves your changes and closes the dialog.
  • Cancel: Closes the dialog without saving your changes.

Windows Firewall security threat definitions

Ivanti® Endpoint Security for Endpoint Manager provides predefined security threat definitions that let you scan for, detect, and configure firewall settings on managed devices running specific Windows platforms. The following security threat definitions let you scan for and modify firewall settings:

  • ST000102: Security threat definition for the Windows Firewall on Windows 2003 and Windows XP.
  • ST000015: Security threat definition for the Internet Connection Firewall on Windows 2003 and Windows XP.

The Windows Firewall security threat properties include custom variables that let you configure Windows Firewall settings. You can use these security threat definitions to scan for your specified settings and return a vulnerability condition if those settings are not matched. You can then use the customized definition in a repair task to turn the firewall on or off, as well as to change or reconfigure the firewall settings on the scanned device.

About the Windows Firewall (Vista and later): General rules page

Use this page to configure firewall general rules.

About the Windows Firewall (Vista and later): Inbound rules

Use this page to configure firewall inbound rules.

About the Windows Firewall (Vista and later): Outbound rules

Use this page to configure firewall outbound rules.