Firewall Rules


Firewall Rules



Name



Name of the rule



Description



Description of the rule



Action



Specify whether this rule will block the traffic or allow it. Note that the Block option could also block the traffic between the MDM server and the device, depending on the rest of the configuration.



Direction



Enable Edge traversal (Only available when Direction is set to inbound traffic)



Indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology.



Programs & services



Define applications, all otherwise



If not enabled, the rule will consider all applications.



Package Family Name



The Package Family Name that the rule will apply to.



File path of the application



The full file path of the application, such as C:\Windows\System\Notepad.exe, that the rule will apply to.



Fully Qualified Binary Name



The Fully Qualified Binary Name that the rule will apply to. An FQBN is a string in the following form: {Publisher\Product\Filename,Version}



Service Name



Enter the name of a service (e.g. “EventLog”). You can get a list of service names in PowerShell by running the command “Get-Service”.



Protocols & ports



Protocol



The protocol used by the rule.



Available values:


– Any


– Custom


– HOPOPT


– ICMPv4


– IGMP


– TCP


– UDP


– IPv6


– IPv6-Route


– IPv6-Frag


– GRE


– ICMPv6


– IPv6-NoNxt


– IPv6-Opts


– VRRP


– PGM


– L2TP



When set to Custom



Insert a protocol number between 0 and 255



The protocol number



When set to TCP or UDP



Specify local ports, all will be used otherwise



Local ports that the rule will use; port ranges are also allowed.



Local Port



Single port or a range of ports. E.g. 100-120,200,300-320.



Specify remote ports, all will be used otherwise



Remote ports that the rule will use; port ranges are also allowed.



Remote Port



Single port or a range of ports. E.g. 100-120,200,300-320.



Scope



Specify local IPs, any IP otherwise



Set of local IPs; it can also be a range of IPs separated by "-".



Local IP address



Set of single IPs or a range of IPs separated by "-".



Specify remote IPs, any remote IP otherwise



Specify a set of remote IPs; it can also be a range of IPs separated by "-".



Remote IP address



Specify single IPs or a range of IPs



Tokens



Tokens that can be set along with Remote Addresses. Tokens Intranet, RmtIntranet and Ply2Renders are supported in Windows 10, version 1809 and later.



Advanced Settings



Specify profiles, all will be used otherwise



If disabled, all profiles will be used.



Domain



Domain Profile



Private



Private Profile



Public



Public Profile



Specify interfaces, all will be used otherwise



If disabled, all interfaces will be used.



Local Area Network



Local Area Network interface



Remote Access



Remote Access interface



Wireless



Wireless interface



Local Principals



Add authorized local users



Allows you to add a list of local users that will use this rule.



Authorized users



List of authorized local users for this rule. The user must be in Security Descriptor Definition Language (SDDL) format, e.g. PC_NAME\USERNAME. This field must not be filled if a service name is set to use this rule.
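
The constraints stated in the field descriptions above can be checked before a rule is deployed. The following is an added example, not part of the product or its documentation: the dictionary keys are hypothetical names for the form fields, the 65535 port ceiling is the standard 16-bit limit, and rejecting port lists for protocols other than TCP or UDP is an assumption drawn from the form layout.

```python
import re

# Field names are hypothetical; the page does not show the console's export format.
_PORT_ITEM = re.compile(r"^([0-9]+)(?:-([0-9]+))?$")

def parse_ports(spec):
    """Parse a spec such as '100-120,200,300-320' into (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        m = _PORT_ITEM.match(item.strip())
        if not m:
            raise ValueError(f"bad port item {item!r}")
        low, high = int(m.group(1)), int(m.group(2) or m.group(1))
        if not low <= high <= 65535:  # ports are 16-bit values
            raise ValueError(f"reversed or out-of-range ports {item!r}")
        ranges.append((low, high))
    return ranges

def validate_rule(rule):
    """Return the list of problems in a rule dict; empty means consistent."""
    problems = []
    if rule.get("edge_traversal") and rule.get("direction") != "inbound":
        problems.append("edge traversal is only available for inbound rules")
    proto = rule.get("protocol", "Any")
    num = rule.get("protocol_number")
    if proto == "Custom" and (type(num) is not int or not 0 <= num <= 255):
        problems.append("custom protocol number must be between 0 and 255")
    for key in ("local_ports", "remote_ports"):
        if rule.get(key) is None:
            continue  # not specified: all ports are used
        if proto not in ("TCP", "UDP"):
            problems.append(f"{key} given but protocol is {proto}")
            continue
        try:
            parse_ports(rule[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    if rule.get("authorized_users") and rule.get("service_name"):
        problems.append("authorized users must be empty when a service name is set")
    return problems

# Constructed sample rule with three deliberate mistakes.
SAMPLE_RULE = {"direction": "outbound", "edge_traversal": True, "protocol": "TCP",
               "local_ports": "100-120,200,320-300", "service_name": "EventLog",
               "authorized_users": ["PC_NAME\\USERNAME"]}

if __name__ == "__main__":
    for problem in validate_rule(SAMPLE_RULE):
        print(problem)
```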

