Configure Connection Rules (Windows computers)

Applies To: WatchGuard EPDR, WatchGuard EPP

Connection rules define traditional TCP/IP traffic filtering. In the Firewall settings of a workstations and servers settings profile, you can enable these predefined WatchGuard connection rules:

Block distributed transaction coordinator network connections on public networks

Denies all inbound distributed transaction coordinator network connections on public networks. Blocks local port 3372 and all remote ports.

Deny NetBIOS (UDP) over public networks (NT platform), incoming connections

Denies incoming connections from NetBIOS (UDP) over public networks (NT platform). Blocks local ports 135, 137, 138, 139, and 445, and all remote ports.

Deny NetBIOS over public networks

Denies inbound NetBIOS over public networks (TCP protocol). Blocks local ports 135, 139, 445, and 593, and all remote ports.

Deny incoming ICMP communications over public networks

Denies inbound ICMP communications over public networks.

WatchGuard Endpoint Security extracts the values of fields in the headers of each packet sent and received by protected computers and checks them against the predefined rules and any custom rules you create. Rules are checked in the order in which they appear in the list, so the position of a rule is its priority. If the traffic matches a rule, WatchGuard Endpoint Security takes the action specified in that rule.

Connection rules have priority over program rules, which control the connections that programs make to the Internet and the local network. For more information about program rules, see Configure Program Rules (Windows computers).

To configure custom connection rules, in a workstation and server settings profile:

  1. Select Firewall (Windows computers).
  2. In the Connection Rules section, add a new rule or edit an existing rule.
    • To add a new connection rule, click .
    • To edit an existing rule, select the rule and click .
      The Add Connection Rules or Edit Connection Rules dialog box opens.

Screen shot of WatchGuard Endpoint Security, Connection rules

  3. In the Name text box, type a name for the rule.

Screen shot of WatchGuard Endpoint Security, Add Connection Rules dialog box

  4. In the Description text box, type a description of the traffic filtered by the rule.
  5. From the Action list, select the action to take if the traffic matches the rule (Allow or Deny).
  6. From the Direction list, select the direction of the traffic to match (Inbound or Outbound). Direction applies to connection-oriented protocols such as TCP.
  7. From the Zone list, select the network type to match.
    The rule applies only when the network type configured for the computer matches the zone selected here. If you select All, the rule applies regardless of the network type configured.
  8. From the Protocol list, select the traffic protocol.
    For more information, see Traffic Protocols.
  9. To limit the scope of the rule to connections to and from specific IP or MAC addresses, enter the addresses in the text boxes.
    • In the IP Addresses section, select the IP version. In the text box, type the IP addresses.
      You cannot combine IPv4 and IPv6 addresses in the same rule. You can enter multiple individual addresses (192.168.1.1) and ranges (192.168.1.1-192.168.1.254), separated by commas.
    • In the MAC Addresses section, type the source or destination MAC addresses to match, separated by commas.
      The source and destination MAC addresses in packet headers are rewritten every time the traffic passes through a router, proxy, or similar device, so packets arrive with the MAC address of the last device that handled them. MAC address filtering is therefore only meaningful for traffic from devices on the same local network segment as the protected computer; do not rely on it to identify a remote host.
  10. Click OK.
    To change the priority of the rules, click the up and down arrows . To delete a rule, click .

Traffic Protocols

Select a traffic protocol to specify the type of traffic the rule matches. The available options depend on the protocol you select.

TCP, UDP, and TCP/UDP

From the Local Ports list, select the port used on the protected (local) computer. From the Remote Ports list, select the port used on the remote computer.

Screen shot of WatchGuard Endpoint Security, Connection rule protocols

Select Custom to enter multiple ports separated by commas (,) or a range separated with a hyphen (-).

ICMP, ICMPv6

Above the list, select All to apply the rule to every ICMP message type and subtype. To select individual types, select Only Selected Items, and then select the message types you want the rule to apply to.

Screen shot of WatchGuard Endpoint Security, Connection rules ICMP protocol settings

IP Types

From the list of protocols, select the upper-layer protocols carried in IP that you want the rule to apply to. Above the list, select All to apply the rule to every protocol. To select individual protocols, select Only Selected Items, and then select the protocols you want the rule to apply to.

Screen shot of WatchGuard Endpoint Security, Connection rules IP types protocol settings
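
The following is an added example, not WatchGuard code, that models how the rule fields described above (action, direction, zone, protocol, local and remote ports with comma-separated lists and hyphenated ranges, and remote IP addresses) combine, and how rule order acts as priority: a packet is checked against the list top-down and the first matching rule decides. The four predefined rules from this page are expressed in the same form; the transport for the distributed transaction coordinator rule is not stated on the page and is assumed to be TCP. The rule names, the custom RDP rules, the sample packets, and the default action for unmatched traffic are all assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


def parse_ports(spec):
    """'All' -> None (any port); '135,137-139,445' -> {135, 137, 138, 139, 445}."""
    if spec.strip().lower() == "all":
        return None
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(p) for p in part.split("-", 1))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    return ports


def parse_ips(spec):
    """'' -> None (any address); '192.168.1.1, 10.0.0.1-10.0.0.50' -> [(lo, hi), ...].
    Rejects a mix of IPv4 and IPv6 entries, as the dialog does."""
    if not spec.strip():
        return None
    ranges, versions = [], set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in part.split("-", 1))
        else:
            lo = hi = ipaddress.ip_address(part)
        versions.update({lo.version, hi.version})
        if len(versions) > 1:
            raise ValueError("IPv4 and IPv6 addresses cannot be combined in one rule")
        ranges.append((lo, hi))
    return ranges


@dataclass
class Rule:
    name: str
    action: str           # "allow" or "deny"
    direction: str        # "inbound", "outbound" or "all"
    zone: str             # "public", "trusted" or "all"
    protocol: str         # "tcp", "udp", "tcp/udp" or "icmp"
    local_ports: str = "All"
    remote_ports: str = "All"
    remote_ips: str = ""  # empty means any address

    def matches(self, pkt):
        """Every field of the rule must match the packet's header fields."""
        if self.direction != "all" and pkt["direction"] != self.direction:
            return False
        if self.zone != "all" and pkt["zone"] != self.zone:
            return False
        protos = {"tcp", "udp"} if self.protocol == "tcp/udp" else {self.protocol}
        if pkt["protocol"] not in protos:
            return False
        for spec, key in ((self.local_ports, "local_port"), (self.remote_ports, "remote_port")):
            allowed = parse_ports(spec)
            if allowed is not None and pkt.get(key) not in allowed:
                return False  # ICMP packets carry no ports; only an 'All' port spec matches them
        ranges = parse_ips(self.remote_ips)
        if ranges is not None:
            addr = ipaddress.ip_address(pkt["remote_ip"])
            if not any(lo.version == addr.version and lo <= addr <= hi for lo, hi in ranges):
                return False
        return True


def evaluate(rules, pkt, default="allow"):
    """First matching rule wins; returns (action, rule name), or (default, None) if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, None


# The four predefined rules from this page (DTC transport assumed to be TCP).
PREDEFINED = [
    Rule("Block DTC on public networks", "deny", "inbound", "public", "tcp", local_ports="3372"),
    Rule("Deny NetBIOS (UDP) over public networks", "deny", "inbound", "public", "udp",
         local_ports="135,137,138,139,445"),
    Rule("Deny NetBIOS over public networks", "deny", "inbound", "public", "tcp",
         local_ports="135,139,445,593"),
    Rule("Deny incoming ICMP over public networks", "deny", "inbound", "public", "icmp"),
]

# Hypothetical custom rules as they would be ordered in the dialog: position is priority.
CUSTOM = [
    Rule("Allow RDP from LAN", "allow", "inbound", "all", "tcp", local_ports="3389",
         remote_ips="192.168.1.1-192.168.1.254"),
    Rule("Deny RDP from anywhere", "deny", "inbound", "all", "tcp", local_ports="3389"),
]

# Constructed sample packets (header fields only).
SMB_PUBLIC = {"direction": "inbound", "zone": "public", "protocol": "tcp",
              "local_port": 445, "remote_port": 51234, "remote_ip": "203.0.113.7"}
SMB_TRUSTED = dict(SMB_PUBLIC, zone="trusted")
PING_PUBLIC = {"direction": "inbound", "zone": "public", "protocol": "icmp", "remote_ip": "203.0.113.7"}
RDP_LAN = {"direction": "inbound", "zone": "trusted", "protocol": "tcp",
           "local_port": 3389, "remote_port": 60001, "remote_ip": "192.168.1.50"}
RDP_OTHER = dict(RDP_LAN, remote_ip="10.9.8.7")


def demo():
    """Evaluate the samples; the last entry shows that swapping the custom rules inverts the LAN result."""
    rules = PREDEFINED + CUSTOM
    return {
        "smb_public": evaluate(rules, SMB_PUBLIC),
        "smb_trusted": evaluate(rules, SMB_TRUSTED),
        "ping_public": evaluate(rules, PING_PUBLIC),
        "rdp_lan": evaluate(rules, RDP_LAN),
        "rdp_other": evaluate(rules, RDP_OTHER),
        "rdp_lan_reordered": evaluate(PREDEFINED + CUSTOM[::-1], RDP_LAN),
    }


if __name__ == "__main__":
    for label, (action, rule) in demo().items():
        print(f"{label:18} -> {action:5} ({rule})")
```

The reordered case is the one to keep in mind when using the up and down arrows: with the Deny rule above the Allow rule, RDP from the LAN range is denied too, because the broader deny matches first and the more specific allow is never reached.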

See Also

Configure Firewall Settings (Windows computers)

Configure Intrusions to Block

Manage Settings Profiles