The firewall unit monitors all the network connections, blocking or allowing them according to the rules configured. Implements detection and blocking of IDS intrusions and network virus attacks that Trojans use to spread.
This protection allows the administrator to configure the firewall performance:
- From the administration console: The administrator defines the settings to be applied on managed computers in the Web administration console.
- From the Panda icon: The end-user configures the firewall. There are a series of rules predefined by Panda which establish permissions for common applications. New rules can be created or existing ones can be modified in the local firewall configuration console.
The first thing to select in the Web console is the firewall performance. The options available are:
- Allow configuration of the firewall by the client: You can configure the firewall through the local console. If you select this option, the rest of the settings will not be accessible to the administrator, since the configuration will be done locally.
- Apply the following firewall settings: This option allows the administrator to configure the firewall of the managed computers.
To configure the firewall, you must first open the Panda EndPoint Protection local console. To do this, right-click the protection icon in the system tray and select Panda Endpoint Protection.
When the console opens, click the Firewall icon. You will see the firewall settings screen.
This screen displays the following options:
- Firewall status: Indicates if the firewall is running or has stopped working.
- Enable/Disable: You can enable or disable the firewall.
- Type of network: The firewall behavior depends on the type of network you are connected to. You can select three network locations:
- Your home
- Public place
If you select Public place, it is important to note that Panda will implement a series of system rules to strengthen computer security. These rules are:
- Deny inbound ICMP requests.
- Deny NETBIOS (folder and printer sharing)
- Deny inbound connections from the Microsoft Distributed Transaction Coordinator (MSDTC).
MSDTC is a Microsoft communication protocol
- Deny Remote Desktop access.
- Deny remote IIS (Internet Information Service) administration.
Here you can define the Internet connection permissions of the different applications.
To access the Program Control settings, click Configure… This screen lets you select the user and factory rules that you want to apply to the various programs, and set priorities on them. You can also configure the firewall through the pop-up messages displayed by Panda Endpoint Protection when there is an attempt to connect to or from the Internet.
Configuring user rules
- In the Program control screen, click Add to access the Edit rule screen.
- Enter the rule name.
- Select if the rule will apply to a specific program or to all of them.
If it only applies to a specific program, click Select to select it.
- In Action, select the communication direction:
- Allow outbound connections: The program can connect to the Internet, but does not accept external connections from other users or applications.
- Allow inbound connections: The program accepts connections from programs or users from the Internet, but will not have outbound permissions to connect.
- Deny outbound connections: The program CANNOT connect to the Internet.
- Deny inbound connections: The program DOES NOT accept connections from programs or users from the Internet.
- Select if the rule will apply when you are connected to the Internet at home, work or a public place.
- Finally, select the protocol, port or range of ports, and the IP address or range of IP addresses.
To edit or delete a rule, select it and click the relevant button.
To increase or decrease the priority of a rule, click the relevant arrow . The rule will move up or down in the list.
You can also import/export rules to a text file.
Configuring factory rules
The factory rules are control rules recommended by our experts, which affect communication of certain applications. These rules have lower priority than user rules.
You can enable or disable these rules, but not modify them. However, you can view their content.
How to enable/disable factory rules
- Click the Factory rules tab in the Program control screen.
- Select the relevant checkbox to enable the rules.
- To view the content of any of the rules, select it and click Edit. This will take you to the Edit rule screen.
This section lets you select the types of intrusions to be detected by the firewall. In the main screen of the protection, click Intrusion prevention.
The Intrusion prevention screen displays a list of the IDS attacks it neutralizes.