Enabling or Disabling the firewall feature of Apex One

Apex One2019

Last updated: 2022/03/18

Solution ID: KA-0012385

Category: Configure

During the Apex One server installation, you are prompted to enable or disable the Apex One firewall.

This article shows you the steps to turn on/off the firewall feature on Apex One agents for the following scenarios:

If you enabled the firewall during installation and noticed an impact on performance, especially on Windows Server platforms, consider disabling the firewall.
If you disabled the firewall during installation but now want to protect the agent from intrusions, then you may consider enabling the firewall.

This article can also be used as reference to create and customize policies, then apply them on all or selected agent profiles.

You can use the following methods to enable or disable the firewall on all or selected Security Agent endpoints.

To configure the Apex One Firewall service on all Security Agents using Global Agent Settings, do the following:

Login to the Apex One Admin Console, and go to Agents > Global Agent Settings.
On the Security Settings tab, go to the Firewall Settings section and change the settings to the preffered ones:
For example:
On the System tab, go to the Certified Safe Software Settings section and select Enable the Certified Safe Software Service for Behavior Monitoring, Firewall, and antivirus scans.
Click Save.

Configure the Apex One Firewall service on selected Security Agents using Additional Service Settings.

Login to Apex One Administrator Console, and go to Agents > Agent Management.
Select the endpoint or domain group of the clients to configure.

^{Click the image to enlarge.}
Click Settings > Additional Service Settings.
Enable Windows desktop or server.

^{Click the image to enlarge.}
Click Save.

Disabling the firewall service automatically disables all firewall policies on the selected agents.

To create a new policy and apply it to Security Agents, do the following:

Login to the Apex One Administrator Console, and go to Agents > Firewall > Policies.
To add a new policy, click Add.

^{Click the image to enlarge.}
Type a name for the policy.
Select a security level.
Select the firewall features to use for the policy.
Enable the local or global Certified Safe Software List.

^{Click the image to enlarge.}

Ensure that the Unauthorized Change Prevention Service and Certified Safe Software Services have been enabled before enabling this service.
Under Exception, select the firewall policy exceptions. You can modify an existing policy exception or create a new one.
Click Save.

For more information, refer to Firewall Policies.

Login to Apex One Administrator Console, then
Go to Agents > Firewall > Profiles, then click Add.

^{Click the image to enlarge.}
Click Enable this profile to allow Apex One to deploy the profile to Security Agents.
Type a name to identify the profile and an optional description.
Select a policy for this profile.
Specify the agent endpoints to which Apex One applies the policy. Select endpoints based on the following criteria.

^{Click the image to enlarge.}
Select whether to grant users the privilege to change the firewall security level or edit a configurable list of exceptions to allow specified types of traffic.
Click Save.

Was this article helpful?