The redesigned WinAV firewall will launch together with the Business Hub 8.36 release. It includes a new look and layout of settings, and new advanced features. The new Firewall will be enabled in end-clients running 21.11.
Firewall Policies in Hub/Cloud Console
The controls for the new firewall will be available in the cloud consoles. See the cloud console 8.36 release notes for more information.
Local Client Firewall
The Firewall component UI has been updated, with the following tabs available: Networks, Apps, Logs, and Advanced.
Networks tab
- The user can view the current and recent networks, and see whether they are Trusted or Untrusted. Trusted = Private, Untrusted = Public.
- The user can expand Show Settings and change the trust option (if not controlled by policies), and also view the network details using the icon next to the Show/Hide Settings button.
Apps tab
- Under Apps, the user can view the existing applications that have communicated on the device, their status (active/inactive), and their internet usage (last 24 hours of activity), and can immediately block an application.
- Under Blocked Apps, the user can view and unblock the blocked applications, and can use the same context menu to turn on ask me mode, show the app details, and show the app rules.
Logs tab
- The Firewall Logs have been moved inside the UI under the Logs tab. The user can see the blocked applications, time, protocol, direction, and IP address.
- Expanding an entry shows the details of the connection, with a link that goes directly to the rule that was triggered.
Advanced tab
- The Advanced tab includes the new Firewall features, and the user can enable or disable each one (managed devices should manage this setting from the policy).
Description of advanced features
- Leak Protection - Prevents the device from leaking potentially sensitive data by enabling packet rules to block certain types of communication.
- Port Scan Alerts - Warns the user if hackers or malware attempt to scan the device for open ports.
- ARP Spoofing Alerts - Warns the user about attempted ARP spoofing attacks.