- The 'Firewall' section of a Windows profile lets you create rules to manage internet access rights for Endpoint applications.
- You can create simple allow/block rules, or more complex rules based on traffic direction, traffic protocol, source/destination port, and more.
- This tutorial shows you how to create a file group of your target applications, then configure internet access rules for the group in a profile.
Process in brief:
- Login to ITarian
- Click 'Applications' > 'Endpoint Manager'
- Click 'Settings' > 'System Templates'
- Select the 'File Groups Variables' tab
- Create a filegroup containing the applications you want to manage
- Click ‘Configuration Templates’ > ‘Profiles’
- Open the Windows profile applied to your target devices
- Open the 'Firewall' tab if it has already been added to the profile
OR
- Click 'Add Profile Section' > 'Firewall' if it hasn't yet been added
- Click the 'Application Rules' tab
- Click 'Add' to create a custom application rule
- Select the file group as the target for the rule
- Create custom internet access rules for the group, or use an existing ruleset
- Click 'OK'
- Click 'Save' for your settings to take effect
Process in detail:
Step 1 - Create a file group of the applications you want to manage
- File groups are collections of one or more files. You can select a file group as the target of firewall rules.
- Endpoint Manager ships with predefined groups of popular file types. For example, there are groups for ‘Windows updater applications’, ‘Web browsers’, ‘Email clients’ and ‘Metro Apps’.
- If none of the predefined groups cover your needs, you can create a custom file group that contains specific applications. You can then apply firewall rules to the group to control their internet access rights.
Create a file group
- Login to ITarian
- Click 'Applications' > 'Endpoint Manager'
- Click 'Settings' > 'System Templates'
- Select the 'File Groups Variables' tab
- Create a name for the file group then click the
button
Step 2 - Configure firewall rules for the group in a profile
Use a pre-defined ruleset
- Pre-defined rulesets contain ‘already-configured’ rules that achieve specific aims or are suited to specific application types. For example, there are rulesets for ‘Allowed applications’, ‘Blocked applications’, ‘Web browsers’ and ‘Email clients’.
- Open the ‘Ruleset’ tab of a firewall profile to view/manage the rules in each set.
- You can use an existing ruleset on your target applications if it meets your needs.
- Select 'Use ruleset':

- Choose 'Allowed Application' or 'Blocked Application' as required. Or choose another ruleset if you want to implement more specific rules.
- Click 'OK'
Use a custom ruleset
- Select 'Use a custom ruleset' in the rule dialog
- You can now manually create individual rules, or use the ‘Copy from...’ feature to import rules as a starting point.
- Click ‘Add Rule’ to configure a new rule from scratch
- Select ‘ruleset’ in the ‘copy from’ drop-down to import existing rules as a starting point
- You can also copy the rules from another application class if required


- Click the pencil icon on the right to edit it as required
- Use the checkboxes on the left to enable or disable specific rules
- Click ‘OK’
- Click 'Save' in the firewall settings pane for your changes to take effect