Firewall
Three scopes are available in the firewall module:
- Firewall status: In the status area of the firewall, you can obtain basic information on the current status of your system and the firewall.
- Firewall networks: The networks (e.g. LAN, dial-up, etc.) to which your computer is connected are listed in the networks area.
- Rule sets: In this area you can create special rules for different networks and thus optimise the behaviour of your firewall.
As soon as something indicates that data on your computer is to be uploaded or downloaded without authorisation, the firewall sounds an alarm and blocks the unauthorised data exchange.
A firewall protects your computer from being spied on. It checks which data and programmes from the network reach your computer and which data is sent from your computer.
This button in the top right-hand corner allows you to access further settings dialogue boxes of the firewall.
Firewall status
The status area of the firewall provides you with basic information on the current status of your system and the firewall. This can be found to the right of the respective entry as text or numerical information. In addition, the status of the components is also displayed graphically. By double-clicking on the respective entry, you can take direct action or switch to the respective programme area.
As soon as you have optimised the settings of a component with a warning symbol, the symbol in the status area changes back to the green tick symbol.
- Security: As you use the computer for your daily work, the firewall gradually learns which programmes you use to access the Internet and which you do not, as well as which programmes pose a security risk. Depending on how much you know about firewall technology, you can configure the firewall so that you either have very good basic protection without being asked many questions, or professional protection that is closely aligned with the way you use your computer but also requires a certain amount of knowledge from you as a user. You can set the security status under .
- Mode: Here you are informed about the basic setting with which your firewall is currently being operated. The possible modes are manual rule creation or automatic operation (autopilot).
  - Autopilot: Here the firewall works completely autonomously and automatically keeps dangers away from the home PC. This setting offers practical all-round protection and is recommended in most cases. The autopilot should be switched on by default.
  - Other settings: If you want to configure your firewall individually, or if certain applications do not work properly in autopilot mode, you can use manual rule creation to set up your firewall protection to suit your needs.
- Networks: Here you can display the networks in which your computer is located.
- Attacks prevented: As soon as the firewall registers an attack on your computer, it is prevented and logged here. You can obtain further information by clicking on the menu item.
- Application Radar: This dialogue box shows you which programmes are currently blocked by the firewall. If you want to allow one of the blocked applications to use the network, simply select it here and click the allow button.
Firewall networks
The networks (e.g. LAN, dial-up etc.) to which your computer is connected are listed in the networks area. The list also shows which rule set (see chapter Rule sets) is used to protect the respective network. If you remove the tick in front of a network, it is excluded from the firewall protection; you should only do this in justified individual cases. If you select a network with the mouse and click Edit, you can view or change the firewall settings for this network.
Edit networks
The following information and setting options for the selected network are displayed in this overview:
- Network Info: Here you receive information on the network and, if available, details on the IP address, subnet mask, standard gateway, DNS and WINS server.
- Firewall active on this network: You can deactivate the firewall for the network here; you should only do this in justified individual cases.
- Shared use of internet connection: For direct connections to the Internet, you can specify whether all computers in the network should have access to the Internet via a computer connected to the Internet. This Internet Connection Sharing (ICS) can usually be activated for a home network.
- Allow automatic configuration (DHCP): When your computer is connected to the network, a dynamic IP address is assigned via DHCP (Dynamic Host Configuration Protocol). If you are connected to the network via this standard configuration, you should leave the check mark here.
- Rule set: Here you can choose quickly between pre-structured rule sets and thereby define the monitoring criteria the firewall applies to a specific network (trustworthy, untrustworthy or blockworthy network). With the Edit rule set button, you also have the option of configuring the rule sets individually.
Rule sets
In this area you can create special rules for different networks. These rules are then combined into a set of rules. Rule sets for direct connection to the Internet, untrusted networks, trusted networks and networks to be blocked are preset. In the overview, the respective rule set is displayed with its name. With the help of the buttons New, Delete and Edit you can change existing rule sets or add further rule sets.
The predefined rule sets for "direct connection to the Internet", "trusted networks", "untrusted networks" and "networks to be blocked" cannot be deleted. Additional rule sets that you have created yourself can, of course, be deleted at any time.
Rules
In the list of rules you will find all the rules that have been defined for this rule set. For example, selected programmes can be allowed extensive network access, even though the network itself is defined as untrustworthy. The rules that flow in here can have been generated in various ways:
- Via the rule wizard
- Directly via the "advanced editing mode"
- Via the New button
- Via the dialogue in the info box that appears in the event of a firewall alarm
Each rule set has its own list of rules. Since the firewall rules are partly hierarchically nested, it is important in some cases to consider the order of precedence of the rules. Thus a release for a port may be blocked again by a rule that denies protocol access. You can change the rank of a rule by selecting it with the mouse and then moving it up or down in the list using the arrow keys under Rank.
If you create a new rule via the advanced editing mode or change an existing rule via the edit dialogue, a dialogue appears with the following options:
- Name: For preset and automatically generated rules, the name of the programme to which the respective rule applies is found here.
- Rule active: You can set a rule to inactive by removing the tick, without having to delete it.
- Comment: Here you can find out how the rule was created. Rules preset for the rule set are commented with "Preset rule". Rules that result from the firewall alarm dialogue are commented with "generated by request". Rules that you generate yourself via the advanced editing mode can be given their own comment.
- Connection direction: The direction defines whether this rule applies to outgoing or incoming connections.
- Access: Here you set whether access is to be allowed or denied for the respective programme within this rule set.
- Protocol: Here you can select which connection protocols you want to allow or deny access to. You have the option of generally blocking or releasing protocols, or of linking the use of the protocol to one or several specific applications (assign applications). In the same way, you can block or unblock unwanted or desired ports via the Assign Internet service button.
- Time window: You can also make access to network resources time-dependent and thus, for example, ensure that access only takes place during your working hours and not outside these hours.
- IP address space: Especially for networks with fixed IP addresses, it makes sense to regulate their use by restricting the IP address space. A clearly defined IP address space significantly reduces the risk of a hacker attack.
Using the rule wizard
With the rule wizard you can define certain additional rules for the respective rule set or modify existing rules. Especially for users who are not well acquainted with firewall technology, the rule wizard is preferable to the advanced editing mode.
With the rule wizard you change one or more rules in the selected rule set. You therefore always create a rule within a rule set that contains different rules.
Depending on which rule set you have assigned to the respective network, an application can be blocked in one rule set (e.g. for untrusted networks) and given full access in another rule set (e.g. for trusted networks). For example, you could restrict a browser with correspondingly different rules so that it can access pages that are available on your home network but cannot access content from a dial-up network.
The rule wizard provides you with the following basic rules:
- Share or block applications: Allows you to select an application (a programme) on your hard disk and explicitly allow or deny it access to the network defined via the rule set. In the wizard, simply select the desired programme (programme path) and then specify under "Direction" whether the rule applies to incoming connections, outgoing connections or both. In this way you can, for example, prevent your MP3 player software from passing on data about your listening habits (outgoing connections) or ensure that program updates are not automatically installed (incoming connections).
- Release or block network services: A port is a special address range that automatically forwards data transmitted over a network to a specific protocol and software. For example, the transmission of regular web pages is handled via port 80, e-mail transmission via port 25, e-mail retrieval via port 110, etc. Without a firewall, all ports on your computer are generally open, although most of them are not needed by normal users. Blocking one or more ports can therefore quickly close gaps that could otherwise be used by hackers for attacks. In the wizard you have the option of blocking ports completely or only for a certain application (e.g. your MP3 player software).
- File/Printer Sharing: If you allow access, you will be given the option to use shared folders and printers in the network. At the same time, other computers and users on the network can also access your shares if this is set up.
- Release or block domain services: A domain is a kind of sub-directory for computers in a network, and thus enables centralised administration of the computers included in the network. Approvals for domain services in untrusted networks should generally be denied.
- Shared use of the Internet connection: For direct connections to the Internet, you can specify whether all computers in the network should have access to the Internet via a computer connected to the Internet. This Internet connection sharing can usually be activated for a home network.
- Unblock or block VPN services: VPN is the abbreviation for Virtual Private Networks and refers to the possibility of linking computers exclusively with one another, establishing a direct connection between them, so to speak. For VPN services to function properly, they must be released by the firewall.
- Advanced Rule Set Editor (Expert Mode): Allows you to switch from the rule wizard to the advanced editing mode.
Using the advanced editing mode
In the advanced editing mode, you can - assuming you have some knowledge of network security - define very individual rules for the respective network. You can create all the rules that you can create with the rule wizard, but you can also make additional configurations.
The following setting options are available here:
- Name: Here you can change the name of the current rule set if necessary. The rule set is then displayed under this name in the list in the rule sets area and can be assigned to the networks identified there by the firewall.
- Stealth mode: With the stealth mode, requests to the computer that are used to check the accessibility of the respective ports are not answered. This makes it more difficult for hackers to obtain information about the system.
- Action if no rule applies: Here you can specify whether access in the network is generally permitted, denied or controlled on demand. If special rules have been defined for individual programmes by the firewall’s learning function, these will of course be taken into account.
- Adaptive mode: Adaptive mode supports you with applications that use the so-called return channel technology (e.g. FTP and many online games). Such applications connect to a remote computer and negotiate a return channel with it, on which the remote computer can reconnect to the application. If the adaptive mode is active, the firewall recognises this return channel and leaves it closed without asking separately.
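To show how the rule attributes from the Rules section (direction, access, protocol, ports, time window, IP address space, rank) interact with "Action if no rule applies" above, here is an added Python model; it is not the firewall's own code. It assumes that all criteria of a rule must hold for a connection to match and that the highest-ranked matching rule decides, which is my reading of the precedence description (a port release blocked again by a protocol deny); the rule set, ports and addresses are constructed.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    active: bool                    # the "Rule active" tick
    direction: str                  # "in", "out" or "both"
    access: str                     # "allow" or "deny"
    protocol: Optional[str] = None  # None = any protocol
    ports: frozenset = frozenset()  # empty = any port (Assign Internet service)
    window: Optional[tuple] = None  # (start, end) time window, None = always
    ip_space: Optional[str] = None  # CIDR for the IP address space, None = any
    def matches(self, conn):
        """All criteria of the rule must hold for the connection (assumption)."""
        if not self.active:
            return False
        if self.direction != "both" and self.direction != conn["direction"]:
            return False
        if self.protocol and self.protocol != conn["protocol"]:
            return False
        if self.ports and conn["port"] not in self.ports:
            return False
        if self.window and not (self.window[0] <= conn["at"] <= self.window[1]):
            return False
        if self.ip_space and ip_address(conn["peer"]) not in ip_network(self.ip_space):
            return False
        return True

def evaluate(rules, conn, default="deny"):
    """Walk the rules in rank order; first match decides. 'default' is 'Action if no rule applies'."""
    for rule in rules:
        if rule.matches(conn):
            return rule.access, rule.name
    return default, "no rule applies"

# Constructed sample rule set, highest rank first.
UNTRUSTED = [
    Rule("Block all TCP", True, "both", "deny", protocol="tcp"),
    Rule("Browser web access", True, "out", "allow", protocol="tcp", ports=frozenset({80, 443}),
         window=(time(8, 0), time(18, 0)), ip_space="203.0.113.0/24"),
]
WEB = {"direction": "out", "protocol": "tcp", "port": 80, "peer": "203.0.113.10", "at": time(10, 0)}
def demo():
    blocked = evaluate(UNTRUSTED, WEB)          # the port release is blocked again by the protocol deny
    allowed = evaluate(UNTRUSTED[::-1], WEB)    # move the release up one rank and it wins
    after_hours = evaluate(UNTRUSTED[::-1], dict(WEB, at=time(22, 0)))  # outside the time window
    return blocked, allowed, after_hours
```

Changing `default` to "ask" for a UDP connection that matches neither rule shows the "controlled on demand" fallback.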
Create rule sets
You can assign each network its own set of rules (i.e. a collection of rules specifically tailored to it). This way you can protect networks with different threat levels differently with the firewall. For example a private home network may require less protection (and therefore less administration) than a dial-up network that is in direct contact with the Internet.
In addition, you can create your own rule sets for networks. To do this, click on New in the rule sets area and specify the following in the dialogue box that appears:
- Rule Set Name: Enter a meaningful name for the rule set here.
- Create an empty rule set: Here you can create a completely empty set of rules and fill it exclusively with rules you have defined yourself.
- Create a rule set that contains rules: With this selection, you can decide whether basic rules for untrusted networks, trusted networks or networks to be blocked should be predefined for the new rule set. On that basis you can then make individual changes.
The firewall contains preset rule sets for the following network types:
- Direct connection to the Internet: This includes rules that deal with direct Internet access.
- Untrusted networks: This usually includes open networks, such as dial-up networks, which have access to the Internet.
- Trusted networks: Trusted networks are usually home and corporate networks.
- Networks to be blocked: If the computer's contact with a network is to be blocked temporarily or permanently, this setting can be used. This makes sense, for example, when connecting to unknown networks whose security standards cannot be assessed (e.g. at LAN parties, foreign company networks, public workplaces for notebooks, etc.).
The new rule set now appears in the list in the rule sets area under the name you gave it. If you click on Edit, either the rule wizard or the advanced editing mode opens for editing the individual rule sets, depending on the settings you have made under .