Rules for applications can be viewed and modified in the Applications tab of the Network Security section.
Note: The following information applies when Kerio Personal Firewall runs in the Advanced mode (see chapter 2.2. Initial Configuration). In the Simple mode all outgoing traffic is permitted and all incoming connections are denied for every application (in both the Trusted zone and the Internet zone), and no rules are created automatically.
At most one rule can be defined for each application, so the order of the rules is irrelevant.
Each rule is defined by the following items:
Application icon and description. If an application has no icon, a system icon for executable files will be used. If no description is available for an application, the name of its executable file (without extension) will be displayed.
Note: Icons and descriptions of applications cannot be edited in Kerio Personal Firewall.
Actions defining how the application's connections from/to the Trusted zone and from/to the Internet are handled (In: incoming connection; Out: outgoing connection).
For each zone and direction one of the following actions can be selected:
permit — allows the connection
deny — blocks the connection
ask — Kerio Personal Firewall asks the user whether to permit or deny the connection. Whenever a new connection is detected, the Connection Alert dialog is opened (for a detailed description of this dialog see chapter 5.2. Connection Alert (unknown traffic detection)) and the user's decision determines how the firewall reacts.
Note: Rules can also be changed from the Connection Alert dialog using the Create a rule for this communication... option. If this option is checked, the Ask action for the detected zone and direction is replaced by the action the user selected.
Example: Rule for the Mozilla Web browser — see the screenshot above
Web browsers are typical client applications: they open connections to Web servers. Outgoing connections (Out) from such applications can therefore be permitted (Permit). Because Web servers do not open connections back to the client, incoming connections for Mozilla can be denied (Deny), or set to Ask so that every such connection attempt is reported and the firewall asks the user how to handle it.
Log communication to network log — check this option to log all communication matching the rule into the Network log (see chapter 16.4. Network Log), regardless of the action taken (both permitted and denied connections are logged).
Show alert to user — check this option if you want Kerio Personal Firewall to display an alert whenever a connection matching this rule is detected. The message appears in the Alert dialog window (refer to chapter 5.5. Alert Dialog Window (alerts on events)), regardless of whether the connection was permitted or denied.
This function is useful, for example, when a connection is denied and you want to know when the remote host repeats the connection attempt.
Use the Edit button to edit a selected rule (see below) and the Remove button to remove it. The refresh button reloads the rule list (while the Applications tab is open, interaction between the firewall and the user may add or modify rules).
The Any other application rule (the so-called default rule) is always placed at the end of the list of application rules. It applies to network traffic that does not match any other rule.
The default rule is highlighted in the rule list and cannot be removed.
Notes:
Actions can be set in the Any other application rule to switch between firewall modes (see chapter 2.2. Initial Configuration):
If at least one action in the rule is ask, the firewall works in the Advanced mode: whenever unknown traffic is detected, the user is asked to take an action and the traffic is handled according to his/her decision.
If only permit and/or deny actions are set in the rule for both zones and both directions, the firewall works in the Simple mode: when unknown traffic is detected, the corresponding action is taken without asking the user.
The default rule is also used as a template for new rules that are created automatically as a result of interaction with the user. For security reasons, the action selected by the user is set only for the zone and direction matching the detected traffic; the remaining actions are copied from the default rule.
Example: In the default rule, the ask action is set for all zones and directions. The user runs a Web browser and connects to a server in the LAN, which belongs to the Trusted zone. The firewall informs the user about unknown traffic (see chapter 5.2. Connection Alert (unknown traffic detection)). The user permits the traffic and enables the option to create a new rule. In the new rule, the permit action is set for outgoing traffic in the Trusted zone, while the ask action is set for incoming traffic in the Trusted zone and for both directions in the Internet zone (these actions are copied from the default rule).
This behaviour must be taken into account when setting actions for the default rule: any permit placed in the default rule is inherited by every automatically created rule. It is recommended to set the ask action for all zones and directions if the firewall is to learn rules from the user's decisions, or deny everywhere to block all unknown traffic without asking the user.
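The rule lookup, the mode detection and the template behaviour described in the notes above, as an added example written for this page in Python. It is not code from Kerio Personal Firewall (whose internal data structures are not public); the class and function names, the use of the executable path as the rule key, and the sample application names are assumptions made for the illustration.

```python
"""Model of the application rules described above: at most one rule per
application, a non-removable default rule consulted last, mode detection from
the default rule, and automatic rule creation that copies every action from the
default rule except the zone/direction the user actually decided on.
Constructed example for this page; the firewall's own data structures are not
public and are not reproduced here."""

from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

ZONES = ("trusted", "internet")
DIRECTIONS = ("in", "out")
ACTIONS = ("permit", "deny", "ask")
Key = Tuple[str, str]  # (zone, direction)


def all_actions(action: str) -> Dict[Key, str]:
    """Same action for both zones and both directions."""
    return {(z, d): action for z in ZONES for d in DIRECTIONS}


@dataclass
class Rule:
    actions: Dict[Key, str]
    log: bool = False    # "Log communication to network log"
    alert: bool = False  # "Show alert to user"

    def __post_init__(self) -> None:
        for key in all_actions("ask"):
            if self.actions.get(key) not in ACTIONS:
                raise ValueError(f"missing or invalid action for {key}")


@dataclass
class ApplicationRules:
    # Default ("Any other application") rule: ask everywhere, i.e. self-learning.
    default: Rule = field(default_factory=lambda: Rule(all_actions("ask")))
    # Per-application rules keyed by executable path (hypothetical key choice).
    rules: Dict[str, Rule] = field(default_factory=dict)

    def mode(self) -> str:
        """Advanced if the default rule contains at least one ask, else Simple."""
        return "advanced" if "ask" in self.default.actions.values() else "simple"

    def lookup(self, app: str) -> Rule:
        # One rule per application, so order is irrelevant; unmatched
        # applications fall through to the default rule.
        return self.rules.get(app, self.default)

    def decide(self, app: str, zone: str, direction: str,
               user_choice: Optional[str] = None,
               create_rule: bool = False) -> str:
        """Return permit/deny for one connection attempt.

        user_choice stands in for the Connection Alert dialog; create_rule for
        its "Create a rule for this communication..." checkbox."""
        key = (zone, direction)
        action = self.lookup(app).actions[key]
        if action != "ask":
            return action
        if user_choice not in ("permit", "deny"):
            raise ValueError("unknown traffic: the user must choose permit or deny")
        if create_rule:
            if app in self.rules:
                # Existing rule: only the asked zone/direction changes.
                self.rules[app].actions[key] = user_choice
            else:
                # New rule: copy the default rule, override only the
                # zone/direction that was actually observed.
                new_actions = dict(self.default.actions)
                new_actions[key] = user_choice
                self.rules[app] = Rule(new_actions)
        return user_choice


if __name__ == "__main__":
    fw = ApplicationRules()
    print(fw.mode())
    # The worked example from the notes: browser to a LAN server, user permits.
    fw.decide("mozilla.exe", "trusted", "out", user_choice="permit", create_rule=True)
    print(fw.lookup("mozilla.exe").actions)
```

Running the model with an ask-everywhere default reproduces the example above (permit for Trusted/Out, ask for the other three). Replacing one ask in the default rule with permit shows the caveat: that permit is silently carried into every rule the firewall creates afterwards, even for applications the user only ever saw asking about a different zone or direction.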
The following options are available for the rules:
Right-click on the Description column to open the context menu providing the following functions:
Edit — opens a dialog where a selected rule can be edited (see below)
Remove — removes a selected rule
Displayed application name — use this option to define how the application name will be displayed:
Full path to the file
File name without the path
Description of the application
Use the Show icon option to enable/disable application icons before application names or descriptions.
Click on an action (in the Trusted or the Internet column):
Use Edit in the context menu to modify a selected rule. In this dialog you can set actions for individual zones and traffic directions, logging, and whether alerts are shown to the user.
The description of the application is displayed at the top of the dialog. Below it, the icon and the full path to the application's executable file are shown. This information cannot be edited.
In the center of the dialog window actions for individual zones and traffic directions can be set.
Check the Log communication to network log option to log communication matching this rule to the Network log (see chapter 16.4. Network Log).
Use the Show alert to user option to display the Alert dialog (refer to chapter 5.5. Alert Dialog Window (alerts on events)) for connections matching this rule.