Firewall - Application Rules

Manage these settings from: ProtectionFirewallApplication settings

Firewall creates rules each time an application or process starts for the first time. These rules determine how Firewall reacts to each application or process when it connects to the internet or to another network.

Although advanced users can manage these rules or create new ones, we recommend you only modify your Application Rules if absolutely necessary. In most cases, Firewall formulates optimal rules without your input.

Organize Application Rules

Application Rules are organized into groups. Predefined groups correspond with application vendors. To add an application to an existing group, follow these steps:

  1. Click New application rule and select a group (vendor).
  2. Locate and select the application you want to add, then click Open.
  3. Click the group name, then use the orange bars to indicate the level of access you want to allow.

You can also create new groups by clicking New Group and providing a name for the group.

Adjust access restrictions

You can set connection allowances for each individual application or process to determine how strictly Firewall monitors any incoming or outgoing communication. Click a group (or vendor name), then use the orange bars in the Allowed connections column next to an application rule name to set the authorization level:

  • One bar (Friends out): outgoing connections with Friends networks only.
  • Two bars (Friends in/out): incoming and outgoing connections with Friends networks only.
  • Three bars (Internet out): all outgoing connections to the internet.
  • Four bars (Friends in and Internet out): incoming connections with Friends networks only, and all outgoing connections to the internet.
  • Five bars (All connections): all incoming and outgoing connections to the internet.

To Block all connections for an application, hover your cursor over the orange bars and click the red block symbol that appears.

Note: The networks, referred to as 'Friends', are any networks outside of your current network that are considered trusted by Firewall. These networks are automatically identified and exempt from default Firewall restrictions when your current Network profile is set to Private. When Firewall is set to the Public profile, the default higher level of security is applied to all networks, including the Friends networks.

Set actions for unauthorized connections

In addition to defining the types of connections you authorize for applications or processes, you can also specify how Firewall behaves when it detects a non-authorized connection. For example, how Firewall manages an incoming connection from the internet for an application with its Allowed connections set to Internet out.

Click a group (or vendor name), then click the arrow next to the name of an application or process in the Application column to manage this setting. The following behaviors are available:

  • Default rule (Work/Medium Risk Zone): Firewall decides to allow or block connections based on the settings of the active Firewall Network profile (Private or Public).
  • Auto-decide: Firewall allows connections with verified applications, but blocks connections from unknown or suspicious applications.
  • Block: Firewall blocks all other connections.
  • Ask: Firewall asks you to decide if you want to allow or block a connection each time a new request is received. Selecting this option may result in frequent and potentially annoying alerts.

Specify authorized ports

Further increase rule restrictions by specifying the network ports each application uses for communication when an incoming or ongoing connection is allowed. Follow these steps:

  1. Click a group (or vendor name) to open the list of applications or processes in that group.
  2. Click the arrow next to the name of an application or process in the Application column to expand its individual communication settings.
  3. Click Specify ports, then specify the ports you authorize the application or process to communicate with (incoming and outgoing communication port numbers can be specified depending on the defined access restrictions):
    • Type a specific port number into the text box. For multiple ports, separate each port number with a comma.
    • Select All from the drop-down menu to authorize communication with all ports.
    • Select a predefined port number from the drop-down menu.
  4. Optionally click Packet rules to manage these settings according to a connection type.

Note: Different application or process types require different ports. For example, for internet browsers, port 443 is the default port used for HTTPS (secure HTTP), and port 80 is the most commonly used port for HTTP (unsecure), therefore the port numbers entry for application rules is 443,80. For information about the correct network port to specify for an application, contact the application vendor or refer to the application's documentation or support pages.