114
Enforced Client Product Guide Using the Firewall Protection Service
Configuring policies for firewall protection
5
How do user settings and administrator settings coexist?
When you select Administrator configures firewall, any firewall settings that users have configured
on their computers are saved.
If you also select Prompt mode, user settings are merged with your policy settings on each
client computer. When they differ, user settings take precedence over administrator settings.
If you select Protect mode or Report mode, user settings become inactive.
Saved settings configured by users become active again only when you reconfigure the policy
for
Prompt mode or User configures firewall.
Install the firewall protection service via policy
Use this option to install the firewall protection service automatically whenever client computers
check for an updated policy. You might want to use this feature for adding the firewall protection
service on computers where the Enforced Client client software is already installed. By default,
this option is disabled.
To install the firewall protection service via policy:
1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 Click the Desktop Firewall tab.
3 Under Firewall Configuration, select Automatically install the desktop firewall on all computers
using this policy
, then click Save.
Enable firewall protection
Specify whether the firewall protection service monitors inbound communications and Internet
applications. By default, this feature is enabled.
To enable the firewall protection service:
1 On the Groups + Policies page, click Add Policy (or click Edit to modify an existing policy).
2 Click the Desktop Firewall tab.
3 Under Firewall Status, select On, then click Save.
Caution
Enabling this feature can result in unattended installations on computers where no one is
available to authorize communications that are consequently blocked by the firewall. If this
feature is used to install the firewall protection service on a server, it is important to configure
essential system services first, to prevent disruptions.