Firewall Settings – Network Types

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EPP

Each network interface on a computer has a specific type of network assigned to it. Computers with multiple network interfaces can have different network types assigned, and different firewall rules for each network interface.

Screen shot of WatchGuard Endpoint Security, Firewall settings

In the Firewall settings of a Workstations and Servers settings profile, you can set the network type to one of these options:

  • Public Network — Public places such as airports, Internet cafés, and universities. The computer is not visible to other devices on the network, and some programs have limited access to the network. Use this type where you must restrict how protected computers are used and accessed (file, resource, and directory sharing). Endpoint Security rules are enabled or disabled according to the administrator’s criteria.
  • Trusted Network — Home or office networks when you know and trust the other users and devices on the network. Computers are visible to other computers and devices on the network.
  • Detect Automatically — The network type (public or trusted) is selected automatically based on the rules you specify.

Configure Rules for Trusted Access

If you select Detect Automatically as the network type, you can add and configure rules to determine whether a computer is connected to a trusted network.

Screen shot of WatchGuard Endpoint Security, Rules for trusted access

To be considered a trusted network, the computer must be able to resolve a domain previously defined on an internal DNS server. If the computer can connect to the DNS server and resolve the configured domain, it is assumed to be connected to the company network, and the firewall treats the network interface as connected to a trusted network. If this condition is not met, the network type selected for the network interface is Public Network. Note that this is a reachability heuristic, not authentication: the criterion passes whenever the query sent to the configured server address returns an answer, and the address in that answer is not verified. Choose a name that does not exist in public DNS, point the criterion at an internal DNS server that is not reachable from outside the company network, and do not rely on the trusted profile alone to protect computers that roam onto networks you do not control.

Configuration Example

In this configuration example, the organization’s primary DNS zone is mycompany.com. Add a Type A record to the internal DNS server, confirm that the server resolves it, and then create a rule in the Endpoint Security management UI that determines when a computer is connected to a trusted network.

  1. Add a Type A record with the name firewallcriterion to the primary zone of your organization’s internal DNS server (mycompany.com in this example).
    The address in the record is not checked, so it can be any placeholder value; the record only has to exist so that the name resolves. Endpoint Security attempts to resolve firewallcriterion.mycompany.com to confirm that the computer is connected to the company network.
  2. Restart the DNS server if required.
  3. Use nslookup, dig, or host to confirm that firewallcriterion.mycompany.com resolves successfully from every segment of the internal network and, as a sanity check, that it does not resolve through a public resolver.

Create a rule that computers must meet to be considered connected to a trusted network.

  1. Select Configure Rules to Determine When a Computer Is Connected to a Trusted Network.
  2. Click the Add icon.
    The Add Criterion dialog box opens.

Screen shot of WatchGuard Endpoint Security, Add Criterion dialog box

  3. In the Criterion Name text box, type a name for the rule you want to add (for example, myDNScriterion).
  4. In the DNS Server text box, type the IP address of the internal DNS server in your company network that can resolve DNS requests.
  5. In the Domain text box, type the domain to send to the DNS server for resolution (for example, firewallcriterion.mycompany.com).
  6. Click OK.
  7. Click Save.
  8. Click Save.

After the criterion is configured and applied, the computer tries to resolve firewallcriterion.mycompany.com on the specified DNS server every time an event occurs on a network interface (for example, connect, disconnect, or IP address change). If DNS resolution succeeds, the firewall settings for a trusted network are applied to that network interface; otherwise the public network settings apply.

Related Topics

Configure Firewall Settings (Windows Computers)

Manage Settings Profiles