Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.b
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home 26.1.b Administration Guide

    Host Firewall

    Host Firewall

    Use the Communications Control > Host Firewall page to configure host firewall policies to control incoming and outgoing network traffic to protect endpoints against unwanted connections based on remote addresses, protocols, or applications in use to reflect the organization’s network policies. Host firewall policies reduce the attack surface by protecting the host while working outside the enterprise network (public Internet, home, or other networks).

    To configure a host firewall policy:

    1. In the Communications Control > Host Firewall page, click the Add button at the top left corner.

    2. Specify a name for the host firewall policy.

    3. Select the Collector groups that the host firewall policy applies to.

    4. Click Save to save the host firewall policy.

      The host firewall policy appears in the list.

    5. (Optional) Add or remove Collector groups for the host firewall policy in the Collector group column.

    6. Define rules to associate with the host firewall policy:

      1. Expand the row of the host firewall policy in the table.

      2. Click the Add button under the host firewall policy.

      3. Enable the rule if you want to enforce the rule immediately after creation. You can also choose to enable it later.

      4. Specify a name for the rule.

      5. Specify the application name or IP address and port combination that the rule applies to.

        The IP address and port can be single or a range, including wildcard. For example, 192.168.0.1 or 192.168.0.1-192.168.0.100.

      6. Select the protocol, which can be TCP, UDP, or any.

      7. In the Process field, specify an application name to apply the rule to one specific application or use the default Any, which means the rule applies to all applications.

      8. In the Action dropdown, select whether to allow or deny matching connections.

        The action applies to both incoming and outgoing traffic.

      9. (Optional) Add a description for the rule.

      10. Click Save to save the rule.

        The rule appears under the host firewall policy in the table.

      11. Add more rules by repeating the steps above as needed.

      12. When more than one rule exists, drag and drop the rules in the order of priority. When the criteria of multiple groups are met, the first matching rule will be used.

    7. Enable or disable the host firewall policy or a specific rule using the mode button.

    8. To log connections blocked by a Collector, check the Firewall Block action in the Collector's assigned Threat Hunting Collection profiles.

    Host firewall policies work side by side with existing Communication Control policies. In case of contradictions, EDR applies the more restrictive out of the two. For example, if a group is assigned to a host firewall policy that allows any connection to a specific remote address but the Communication Control policy assigned to the group restricts connections to low reputation applications, connections to the remote address will be blocked if the connection goes to low reputation applications.
    Previous
    Next

    Host Firewall

    Host Firewall

    Use the Communications Control > Host Firewall page to configure host firewall policies to control incoming and outgoing network traffic to protect endpoints against unwanted connections based on remote addresses, protocols, or applications in use to reflect the organization’s network policies. Host firewall policies reduce the attack surface by protecting the host while working outside the enterprise network (public Internet, home, or other networks).

    To configure a host firewall policy:

    1. In the Communications Control > Host Firewall page, click the Add button at the top left corner.

    2. Specify a name for the host firewall policy.

    3. Select the Collector groups that the host firewall policy applies to.

    4. Click Save to save the host firewall policy.

      The host firewall policy appears in the list.

    5. (Optional) Add or remove Collector groups for the host firewall policy in the Collector group column.

    6. Define rules to associate with the host firewall policy:

      1. Expand the row of the host firewall policy in the table.

      2. Click the Add button under the host firewall policy.

      3. Enable the rule if you want to enforce the rule immediately after creation. You can also choose to enable it later.

      4. Specify a name for the rule.

      5. Specify the application name or IP address and port combination that the rule applies to.

        The IP address and port can be single or a range, including wildcard. For example, 192.168.0.1 or 192.168.0.1-192.168.0.100.

      6. Select the protocol, which can be TCP, UDP, or any.

      7. In the Process field, specify an application name to apply the rule to one specific application or use the default Any, which means the rule applies to all applications.

      8. In the Action dropdown, select whether to allow or deny matching connections.

        The action applies to both incoming and outgoing traffic.

      9. (Optional) Add a description for the rule.

      10. Click Save to save the rule.

        The rule appears under the host firewall policy in the table.

      11. Add more rules by repeating the steps above as needed.

      12. When more than one rule exists, drag and drop the rules in the order of priority. When the criteria of multiple groups are met, the first matching rule will be used.

    7. Enable or disable the host firewall policy or a specific rule using the mode button.

    8. To log connections blocked by a Collector, check the Firewall Block action in the Collector's assigned Threat Hunting Collection profiles.

    Host firewall policies work side by side with existing Communication Control policies. In case of contradictions, EDR applies the more restrictive out of the two. For example, if a group is assigned to a host firewall policy that allows any connection to a specific remote address but the Communication Control policy assigned to the group restricts connections to low reputation applications, connections to the remote address will be blocked if the connection goes to low reputation applications.
    Previous
    Next