Network Control Rules and Rule Order

Firewall Control rules let you allow or block network traffic, based on the traffic identifiers reported by the operating system. From Management version Liberty, there is one unified rule base for all operating systems. Each rule can apply to one or more operating systems. When the Management sends policy information to Agents, it includes these rules.

When network traffic enters or leaves an endpoint, the EDR Agent allows or blocks it based on the Firewall Control policy.

  • The Agent looks at the rules based on their order in the Network Control policy, from the top to the bottom
  • When the Agent finds a rule that matches the parameters of the traffic, that rule is applied - The Agent does not continue to the lower rules in the list
  • If the matched rule has the Block Action, the Agent blocks the traffic - If the matched rule has the Allow Action, the Agent allows the traffic

The rules that apply to your current RMM EDR Policy show in its Network Control tab.

From version Liberty, you can manage Firewall rules with tags:

  • Create Tags that represent Firewall policies. Add rules to the Tags. After you set up a Tag, it functions as a policy - a set of rules in a specific order.
  • When you make a change to a rule with a tag, or change the order of rules that include rules with tags, all scopes that subscribe to the tag get the change.

Click Select filters to filter the rules by rule attributes. Select the attributes to filter for or use the free text search.

The Agent applies the rules in this order:

  1. Group rules from first to last.
  2. Site rules from first to last.
  3. Account rules from first to last.
  4. Global rules from first to last.

New rules are added to the top of the relevant section of the Firewall Control policy.

To change the order of the rules:

You can change the order of rules in your Admin scope. Account and Site Admins can change the order of rules for the Sites and Groups in their scope.

  1. Edit the Policy where Network Control Rules are to be re-ordered
  2. Navigate to the Network Control tab
  3. Click the Reorder rules
  4. In the window that opens, drag and drop the rules into the desired order, or in the Order column, click the number of the rule and enter a new number
  5. Click Save