Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Configuring Firewall Exceptions for Worry-Free Business Security (WFBS) On-premise and Worry-Free Business Security Services (WFBS-SVC)

    • Updated:
    • 5 Oct 2021
    • Product/Version:
    • Platform:
Summary

Use the Firewall Exception List to allow or deny different kinds of network traffic based on endpoint port numbers and IP addresses. During an outbreak, Worry-Free Services applies the exceptions to the Trend Micro policies that are automatically deployed to protect your network.

For example, during an outbreak, you may choose to block all endpoint traffic, including the HTTP port (port 80). However, if you still want to grant the blocked endpoints access to the Internet, you can add the web proxy server to the exception list.

Details
Public
  1. Go to Devices.
  2. Select a desktop or server group.
  3. Click Configure Policy.

    Configure Policy

    Click the image to enlarge.

  4. Click Firewall > In Office or Out of Office.
  5. Select Enable Firewall > Advanced Mode.

    Firewall - Advanced Mode

    Click the image to enlarge.

  6. To add an exception:
    1. Click Add.
    2. Type the name for the exception.
    3. Next to Action, click one of the following:
      • Allow all network traffic
      • Deny all network traffic
    4. Next to Direction, click Inbound or Outbound to select the type of traffic to which to apply the exception settings.
    5. Select the type of network protocol from the Protocol list:
      • All
      • TCP/UDP (default)
      • TCP
      • UDP
      • ICMP
      • ICMPv6
    6. Click one of the following to specify client ports:
      • All ports (default)
      • Range: type a range of ports
      • Specified ports: specify individual ports. Use a comma "," to separate port numbers.
    7. Under Machines, select client IP addresses to include in the exception. For example, if you select Deny all network traffic (Inbound and Outbound) and type the IP address for a client on the network, then any client that has this exception in its policy will not be able to send or receive data to or from that IP address. Click one of the following:
      • All IP addresses (default)
      • Single IP: Type an IPv4 or IPv6 address, or a host name. To resolve the client host name to an IP address, click Resolve.
      • IP range (for IPv4 or IPv6): Type either two IPv4 or two IPv6 addresses in the From and To fields. It is not possible to type an IPv6 address in one field and an IPv4 address in the other field.
      • IP range (for IPv6): Type an IPv6 address prefix and length.
    8. Click Save.

    Firewall Exceptions

    Click the image to enlarge.

  7. To edit an exception, click Edit and then modify the settings in the screen that displays.
  8. To move an exception up or down the list, select the exception and then click Move Up or Move Down until it is in your preferred position.
  9. To remove an exception, select the exception and then click Remove.
  1. Go to the Configure Policy screen by performing one of the following:
    • Classic Mode: Go to SECURITY AGENTS and select a group. Click the vertical ellipsis button > Configure Policy.

      Configure Policy

      Click the image to enlarge.

    • Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
  2. Click the Windows icon.

    Windows icon

  3. Go to Firewall.
  4. Select Advanced Mode.

    Advanced Mode

    Click the image to enlarge.

  5. Go to the Exception List section.

    Exceptions

    Click the image to enlarge.

  6. To add an exception:
    1. Click Add.
    2. Type the name for the exception.
    3. Select the action to take on network traffics that meet the exception criteria.
    4. Select the traffic direction to apply the exception settings.
    5. Select the type of network protocol to apply the exception settings.
    6. Specify the endpoint ports to take the action.
    7. Specify the endpoint IP addresses to include in the exception.
      For example, if you choose to deny all inbound and outbound network traffic and specify the IP address for a single endpoint on the network, then any endpoint that applies this exception setting cannot send or receive data to or from that IP address.
      • All IP addresses
      • Single IP: Type an IPv4 or IPv6 address.
      • IP range: Type an IPv4 or IPv6 address range.
    8. Click OK.

    Firewall Exceptions

    Click the image to enlarge.

  7. To view or edit an exception, click a name in the exception list.
  8. To reorder the exception list, drag an exception to a different row.
  9. To delete an exception, point to the exception and click the Trash bin icon in the last column of the list.
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
000289089
Feedback
Did this article help you?

Thank you for your feedback!


*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.