Configuring Inbound/Outbound Rules

The Endpoint client checks the firewall rules based on their sequence in the Rule Base. Rules are enforced from top to bottom.

The last rule is usually a Cleanup Rule that drops all traffic that is not matched by any of the previous rules.

Important - When you create Firewall rules for Endpoint clients, create explicit rules that allow all endpoints to connect to all the domain controllers on the network.

Note - The Endpoint client does not support DNS over HTTPS.

Inbound Traffic Rules

Inbound traffic rules define which network traffic can reach Endpoint computers (known as localhost).

The Destination column in the Inbound Rule Base describes the Endpoint devices to which the rules apply (you cannot change these objects).

These four inbound rules are configured by default:

| No. | Name | Source | Service | Action | Track | Comment |
|---|---|---|---|---|---|---|
| 1 | Allow Trusted Zone | Trusted_Zone | Any | Allow | None | |
| 2 | Allow IP obtaining | Internet_Zone | bootp, dhcp-relay, dhcp-req-local, dhcp-rep-local | Allow | None | |
| 3 | Allow PPTP | Internet_Zone | gre, pptp-tcp, L2TP | Allow | None | |
| 4 | Cleanup rule | Any | Any | Block | Log | |
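Added example (not Check Point code): a small Python model of top-to-bottom, first-match evaluation over the four default inbound rules, with a check for rules that can never match because an earlier rule already covers their traffic. Treating zones as plain labels and the extra "Allow HTTPS (hypothetical)" rule are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    source: str           # zone label, or "Any" (zones as labels: assumption)
    services: frozenset   # service names, or {"Any"}
    action: str           # "Allow" or "Block"
    track: str = "None"   # "Log", "Alert" or "None"

ANY = frozenset({"Any"})

# Default inbound rules from the table above, in Rule Base order.
DEFAULT_INBOUND = [
    Rule("Allow Trusted Zone", "Trusted_Zone", ANY, "Allow"),
    Rule("Allow IP obtaining", "Internet_Zone",
         frozenset({"bootp", "dhcp-relay", "dhcp-req-local", "dhcp-rep-local"}), "Allow"),
    Rule("Allow PPTP", "Internet_Zone", frozenset({"gre", "pptp-tcp", "L2TP"}), "Allow"),
    Rule("Cleanup rule", "Any", ANY, "Block", "Log"),
]

def covers(rule, source, services):
    """True if `rule` matches every given service arriving from `source`."""
    src_ok = rule.source in ("Any", source)
    svc_ok = "Any" in rule.services or services <= rule.services
    return src_ok and svc_ok

def evaluate(rules, source, service):
    """Return (position, rule) of the first match, top to bottom, else None."""
    for pos, rule in enumerate(rules, start=1):
        if covers(rule, source, frozenset({service})):
            return pos, rule
    return None

def shadowed(rules):
    """Names of rules that can never match: an earlier rule covers all their traffic."""
    return [r.name for i, r in enumerate(rules)
            if any(covers(e, r.source, r.services) for e in rules[:i])]

def has_cleanup(rules):
    """True if the last rule blocks everything the earlier rules did not match."""
    last = rules[-1]
    return last.source == "Any" and "Any" in last.services and last.action == "Block"

# Hypothetical extra rule (not on the page), used to show placement effects.
EXTRA = Rule("Allow HTTPS (hypothetical)", "Internet_Zone", frozenset({"https"}), "Allow")
BELOW_CLEANUP = DEFAULT_INBOUND + [EXTRA]
ABOVE_CLEANUP = DEFAULT_INBOUND[:3] + [EXTRA, DEFAULT_INBOUND[3]]
```

A rule added below the Cleanup rule is reported by `shadowed()` and never takes effect; the same rule placed above it matches at position 4 and the Cleanup rule stays last.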

Outbound Traffic Rules

Outbound traffic rules define which outgoing network traffic is allowed from Endpoint computers.

The Source column in the outbound Rule Base describes the Endpoint devices to which the rules apply.

This outbound rule is configured by default:

| No. | Name | Destination | Service | Action | Track | Comment |
|---|---|---|---|---|---|---|
| 1 | Allow any outbound | Any | Any | Allow | None | |

Parts of Rules

As opposed to the SmartEndpoint GUI, Harmony Endpoint has a unified Rule Base, which enables the user to view the entire Rule Base at a glance - both inbound and outbound. Both are sections of the same Rule Base.

These are the parts of the Firewall inbound/outbound rules:

| Column | Description |
|---|---|
| # | Rule priority number. |
| Rule name | Name of the Firewall rule. |
| Source | Source location of the network traffic. For an outbound rule, the source is always set to the local computer/user/group. |
| Destination | Destination location of the network traffic. For an inbound rule, the destination is always set to the local computer/user/group. |
| Service | Network protocol or service used by the traffic. |
| Action | The action that is done on the traffic that matches the rule - Allow or Block. |
| Track | The tracking and logging action that is done when traffic matches the rule - Log, Alert, or None. |

The Track options are:

  • Log - Records the rule enforcement in the Endpoint Security Client Log Viewer.

  • Alert - Shows a message on the endpoint computer and records the rule enforcement in the Endpoint Security Client Log Viewer.

  • None - Logs and Alert messages are not created.

Editing a Rule

  1. From the left navigation panel, click Policy > Access.

  2. Click the rule to select it.

    When you edit a rule, a purple indication is added next to it (on the left of the rule).

  3. In the right pane, in the section Capabilities & Exclusions, click the Firewall tab.

  4. Click the Edit Inbound/Outbound Rulebase button.

  5. Make the required changes.

    To add a new rule, do one of these:

    • From the top toolbar, select the applicable option (New Above or New Below)

    • Right-click the current rule and select the applicable option (New Above or New Below)

  6. Click OK in the bottom right corner.

  7. Click Save in the bottom right corner.

    You can click Cancel to revert the changes.

  8. Above the rule base, click Install Policy.

Deleting a Rule

  1. Click the rule to select it.

  2. From the top toolbar, click the garbage can icon ("Delete rule").

    If you are inside the Edit Inbound/Outbound Rulebase view, then a red indication is added next to it (on the left of the rule).

  3. If you are inside the Edit Inbound/Outbound Rulebase view, then click OK in the bottom right corner.

  4. If you are in the Firewall policy view, click Delete to confirm.

  5. Click Save in the bottom right corner.

  6. Above the rule base, click Install Policy.