Configuring firewall settings for macOS devices

You can use Ivanti EPMM to configure a macOS firewall setting for macOS devices. You use the firewall configuration to control connections made to managed macOS devices from other devices on your network on a per-application basis. The firewall configuration prevents managed macOS devices from accepting inbound connections from particular apps or services.

The application firewall is designed to work with TCP and UDP, without having any effect on AppleTalk connections. While you can disable ICMP pings by enabling stealth mode, you can still use earlier ipfw technology from the command line.

Procedure

Select Policies & Configs > Configurations.
Select Add New > Apple > macOS only > Firewall.

Use the guidelines in the table below to complete this form.

Item	Description
Name	Enter a name for the configuration.
Description	Enter an explanation of the purpose of this configuration.
Enable Firewall	Select to enable the firewall configuration for macOS devices.
Block all incoming connections	Select to prevent all sharing services from receiving incoming connections on macOS devices, such as screen sharing or file sharing. The following system services may still receive incoming connections: configd, which implements DHCP and other network configuration services mDNSResponder, which implements Bonjour racoon, which implements IPSec
Enable stealth mode	Select to prevent macOS devices from responding to probing requests. Managed macOS devices still answer incoming requests for authorized apps, while ignoring unexpected requests, such as ICMP (ping).
Applications	Select specific apps for which you want to receive incoming connections on macOS devices. Select Add+ to add a row to the list of apps. Select the cell under Bundle ID to select the app whose incoming connections you want to explicitly allow. Select the check box in the Allow Connections cell to allow incoming connections from the selected app.

Select Save.
Apply the policy to a macOS label.