Configure Program Rules (Windows Computers)

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP

In the Firewall settings of a workstations and servers settings profile, you can configure program rules to control which programs can communicate with the local network and Internet.

To add a rule programs must meet to be communicate with the local network and Internet:

  1. Select Firewall (Windows computers).
  2. In the Program Rules section, from the Take the following action if no predefined rule is found drop-down list, select the default action (Allow or Deny).
  3. To enable predefined rules to deny remote administration of IIS and remote desktop, select Enable WatchGuard Rules.

Screen shot of WatchGuard Endpoint Security, WatchGuard program rules

  1. Click The Add icon..
    The Add Program Rules dialog box opens. .

Screen shot of WatchGuard Endpoint Security, Add Program Rules

  1. In the Description text box, type a description of the new rule.
  2. Next to the Program text box, click Browse and select a program you want to configure connection options for.
  3. From the Connections allowed for this program drop-down list, select an option to specify whether to allow or deny connections for the program.
  4. If you select Advanced Permissions, specify parameters of the traffic you want to allow or deny.
  5. Action

    Defines the action that WatchGuard Endpoint Security takes when the examined traffic matches the rule.

    Allow: Allows the traffic.

    Deny: Blocks the traffic. It drops the connection.

    Direction

    Sets the traffic direction for connection protocols such as TCP.

    Outbound: Traffic from the user's computer to another computer on the network.

    Inbound: Traffic to the user's computer from another computer on the network.

    Zone

    Applies only if the zone matches the zone configured for the network type. For more information, go to Firewall Settings – Network Types. Rules whose Zone is set to All are applied at all times irrespective of the network type configured in the Firewall settings.

    Protocol

    Allows you to establish the layer 3 protocol for the traffic generated by the program you want to control (All, TCP, or UDP).

    IP

    All: Rule does not take into account the connection source and target IP addresses.

    Custom: Allows you to specify the source or target IP address of the traffic to control. You can enter multiple addresses, separated by commas. To specify a range, use a hyphen (-). From the drop-down menu, select if the IP addresses are IPv4 or IPv6. You cannot mix different types of IP addresses in the same rule.

    Ports: Allows you to specify the communication port. Select Custom to enter multiple ports, separated by commas. To specify a range, use a hyphen (-).

  1. Click OK.
    When there are multiple rules for different programs, click the up and down arrows Up and down arrow icons. to change the precedence that the rules run. To delete a rule, click The Delete icon..

Related Topics

Configure Firewall Settings (Windows Computers)

Manage Settings Profiles