There are three areas in the firewall module:
- Status: In the Status area of the firewall, you will find basic information about the current status of your system and the firewall.
- Networks: The Networks area lists the networks (e.g. LAN, data transmission network etc.) to which your computer is connected.
- Rule sets: In this area you can create specific rules for different networks and so optimize the performance of your firewall.
As soon as there is an indication that data is to be installed or downloaded on your computer without authorization, the firewall alarm sounds and blocks the unauthorized data exchange.
Settings: You can use this button at the top right to access all the other settings dialogs for the firewall.
In the Status area of the firewall, you will find basic information about the current status of your system and the firewall. You will find this to the right of the relevant entry as either text or numerical data. In addition, the status of components is also displayed graphically. By double-clicking the respective entry, you can carry out actions here directly or switch to the respective program area.
As soon as you have optimized the settings for a component with a warning icon, the icon in the Status area will revert to the green check icon.
- Security: As you use the computer for your daily tasks, the firewall gradually learns which programs you do or do not use for Internet access and which programs represent a security risk. Depending on how familiar you are with firewall technology, you can configure the firewall to provide either highly effective basic protection without an excessive number of inquiries or professional protection customized to your own computer usage habits – however this also requires detailed knowledge of firewalls. You can set the security status here: Settings | Firewall | Automatic.
- Mode: Here you are informed with which basic setting your firewall is currently being operated. Either manual rule creation or automatic (autopilot) are possible here.
- Autopilot: Here the firewall works fully autonomously and automatically keeps threats away from the local PC. This setting offers practical all-round protection and is recommended in most cases. The autopilot is switched on by default.
- More settings: If you would like to individually configure your firewall or do not want particular applications to work together with autopilot mode, you can adjust your firewall protection entirely to your requirements via the manual rule creation. Further information is available in the following section: Settings | Firewall | Automatic.
- Networks: Here you can see the networks your computer is part of. You can find more information in the following section: Firewall | Networks.
- Prevented attacks: As soon as the firewall registers an attack on your computer, this is prevented and logged here. More information is available by clicking on the menu item.
- Application radar: This dialog box shows you which programs are currently being blocked by the firewall. If you still want to allow one of the blocked applications to use the network, simply select it and then click the ALLOW button.
The Networks area lists the networks (e.g. LAN, data transmission network etc.) to which your computer is connected. It also shows which rule set (see the section entitled Rule sets) is protecting each network. If you uncheck a network, it will no longer be protected by the firewall; you should only disable this protection in specially justified circumstances. If you use the mouse to highlight a network and click on the Edit button, you can view and/or change the firewall settings for this network.
The following information and settings options for the selected network will be displayed in this overview:
- About network: This is where you can find information about the network, such as – where available – the IP address, subnet mask, default gateway, DNS and WINS server.
- Firewall enabled on this network: You can use this option to disable the firewall's network protection, but you should only do this in specially justified circumstances.
- Internet connection sharing: If your system connects directly to the Internet, you can specify whether or not all computers on the network should be able to access the Internet via the computer that is connected to it. This Internet connection sharing (ICS) can usually be enabled for a home network.
- Enable automatic configuration (DHCP): When you connect your computer to a network, a dynamic IP address is assigned (via DHCP = Dynamic Host Configuration Protocol). You should leave this option checked if you are connected to the network using this default configuration.
- Rule set: You can very quickly choose from predefined rule sets and determine whether, for the purposes of firewall monitoring, the network is to be treated as trusted, untrusted, or blocked. Clicking the Edit rule set button gives you the option of configuring rule sets individually. Please also refer to the section Creating rule sets.
In this area you can create special rules for different networks. These rules can then be grouped together to form a rule set. There are default rule sets for direct Internet connection, for untrusted networks, trusted networks, and blocked networks. The relevant rule set is displayed by name in the overview. You can change existing rule sets or add new ones using the NEW, DELETE, and EDIT buttons.
The default rule sets for Blocked networks, Direct Internet connection, Trusted networks and Untrusted networks cannot be deleted. You may, of course, delete additional rule sets that you yourself have created at any time.
Using the Rule wizard
The rule wizard allows you to define specific additional rules for the relevant rule set, or to modify existing rules. We recommend that users unfamiliar with firewall technology use the rule wizard rather than the advanced editing mode.
You can use the rule wizard to change one or more rules in the selected rule set. Thus you always create a rule within a rule set that contains various rules.
Depending on which rule set you have specified for the relevant network, one rule set (e.g. for untrustworthy networks) may block an application while another (e.g. for trustworthy networks) could grant it full network access. This means you can use a strategic combination of rules to restrict a browser in such a way that, for example, it can access websites available within your home network but cannot access content from the data transmission network.
The following basic rules are available in the rule wizard:
- Allow or block applications: This allows you to select a specific application (program) on your hard disk and explicitly permit or deny it access to the network governed by the rule set. Simply use the wizard to select the required program (program path) then, under Direction, indicate whether the program is to be blocked for inbound connections, outbound connections or both inbound and outbound connections. This enables you, for example, to prevent your MP3 player software forwarding data about your listening habits (outbound connections) or to ensure that program updates are not downloaded automatically (inbound connections).
- Allow or block network services: A port is a specific address area that automatically forwards data transferred over a network to a specified protocol and then on to specified software. For example, standard websites are transferred via port 80, while email is sent via port 25 and received via port 110, etc. Without a firewall, all ports on your computer normally remain open, although the majority of users do not need most of these. Blocking one or more of these ports is a quick way of eliminating vulnerabilities that could be used for attacks by hackers. The wizard provides the option of blocking ports completely or for a particular application only (e.g. your MP3 player software).
- File/printer sharing: If you permit access, you have the option of using shared folders and printers on the network. At the same time other computers and users on the network can access your shared data (where set up for this).
- Allow or block domain services: A domain is a type of classification directory for computers on a network that allows the computers linked to the network to be managed centrally. Domain services should generally be denied in untrustworthy networks.
- Shared use of the Internet connection: If your system connects directly to the Internet, you can specify whether or not all computers on the network should be able to access the Internet via the computer that is connected to it. Such Internet connection sharing can usually be enabled for a home network.
- Allow or block VPN services: VPN is an abbreviation for Virtual Private Network and refers to the option of exclusively linking computers to one another, thus setting up a sort of direct connection between them. To enable VPN services to function, they must be approved by the firewall.
- Advanced Rule Set Editor (expert mode): This allows you to move from the rule wizard to the advanced editing mode. For further information on the advanced editing mode, see the section below entitled Using the advanced editing mode.
Using the advanced editing mode
The advanced editing mode allows you to set highly specific rules for the relevant network, although you will need a certain level of knowledge of network security for this. You can of course create all the rules here that can be created using the rule wizard, but advanced settings can also be made.
The following configuration options are available here:
- Name: This allows you to change the name of the current rule set if required. The rule set will then be displayed under this name in the list within the Rule sets area and can be combined with networks identified by the firewall there.
- Stealth mode: In stealth mode (meaning: hidden, secret) the computer does not answer requests that probe whether a particular port is reachable. This makes it harder for hackers to obtain system information in this way.
- Action if no rule applies: Here you can specify whether access to the network is generally allowed, denied or regulated on request. Special rules for individual programs that were defined by the firewall's learning function continue to apply.
- Adaptive mode: The adaptive mode supports applications that use feedback channel technology (e.g. FTP and numerous online games). These applications connect to a remote computer and negotiate a feedback channel with it, which the remote computer then uses to connect back to your application. If the adaptive mode is enabled, the firewall detects this feedback channel and permits it without querying it separately.
The list of rules contains all the rules that are defined for this rule set. This means, for example, that selected programs can be authorized for numerous network accesses even if the network is classified as untrustworthy. The rules applicable here may have been created in various ways:
- Via the Rule wizard
- Directly using the advanced editing mode via the New button
- Using the dialog in the info box displayed when the Firewall alarm is triggered.
Of course, each rule set has its own list of rules.
Since the firewall rules are partly applied in hierarchical order, it is sometimes important to note the rank of each rule. For example, a port that you have granted access to may be blocked again because a certain protocol is denied access by a higher-ranked rule. To modify the rank of a rule in the sequence, highlight it with the mouse and use the arrow buttons under Rank to move it up or down the list.
If you create a new rule using the advanced editing mode, or modify an existing rule using the Edit dialog, the Edit rule dialog appears with the following setting options:
- Name: For default and automatically generated rules, this displays the program name to which the relevant rule applies.
- Rule enabled: You can disable a rule without actually deleting it by deactivating the checkbox.
- Note: This indicates how the rule was created. Next to rules preset for the rule set it says "Default rule"; next to rules that arise from the dialog for the Firewall alarm it says "generated in response to alert"; and for rules that you generate yourself via the advanced editing mode you can insert your own comment.
- Direction: This setting specifies if the selected rule applies to inbound or outbound connections, or to both inbound and outbound connections.
- Access: This specifies if access is to be permitted or denied for the relevant program within this rule set.
- Protocol: This allows you to select the connection protocols to which you want to permit or deny access. You can block or enable protocols in general, or link the use of a protocol to the use of one or more specific applications (Match to applications). Similarly, you can use the Match to Internet service button to specify the ports that you do or do not wish to use.
- Time window: You can also set up time-related access to network resources to ensure, for example, that the network can only be accessed during your normal working day and is blocked at all other times.
- IP range: It is advisable to regulate network use by restricting the IP address range, especially for networks with fixed IP addresses. A clearly defined IP address range significantly reduces the risk of attack from a hacker.
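As an added illustration, not part of this manual or of the product's own code, the following Python model shows how the Edit rule fields listed above combine with the rank of a rule: rules are tried from the highest rank down, the first rule that matches decides, and "Action if no rule applies" is the fallback. The exact matching order inside the real firewall is not documented here and is an assumption, as are the constructed rule set and connection.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    """One entry of a rule set; the fields mirror the Edit rule dialog."""
    name: str
    access: str                      # "allow" or "deny"
    direction: str = "both"          # "inbound", "outbound" or "both"
    protocol: Optional[str] = None   # e.g. "tcp"; None matches any protocol
    ports: Optional[set] = None      # Match to Internet service; None = any port
    apps: Optional[set] = None       # Match to applications; None = any program
    ip_range: Optional[str] = None   # CIDR string; None = any remote address
    window: Optional[tuple] = None   # (start, end) local time; None = always
    enabled: bool = True             # the "Rule enabled" checkbox

def matches(rule: Rule, conn: dict) -> bool:
    """True when every field that is set on the rule agrees with the connection."""
    return (
        rule.enabled
        and rule.direction in ("both", conn["direction"])
        and rule.protocol in (None, conn["protocol"])
        and (rule.ports is None or conn["port"] in rule.ports)
        and (rule.apps is None or conn["app"] in rule.apps)
        and (rule.ip_range is None
             or ip_address(conn["remote_ip"]) in ip_network(rule.ip_range))
        and (rule.window is None or rule.window[0] <= conn["at"] <= rule.window[1])
    )

def decide(rules: list, conn: dict, default: str = "deny") -> tuple:
    """Rank order = list order (index 0 is the highest rank); the first match
    wins, otherwise `default` (the 'Action if no rule applies' setting)."""
    for rule in rules:
        if matches(rule, conn):
            return rule.access, rule.name
    return default, "no rule applies"

# Constructed sample rule set for an untrusted network: a blanket TCP deny is
# ranked above the rule that opens the web ports during working hours.
UNTRUSTED = [
    Rule("deny TCP", "deny", protocol="tcp"),
    Rule("allow web", "allow", protocol="tcp", ports={80, 443},
         window=(time(8, 0), time(18, 0))),
]
# Constructed outbound browser connection at 10:00 (keys as read by matches()).
WEB = {"app": "C:\\browser.exe", "direction": "outbound", "protocol": "tcp",
       "port": 80, "remote_ip": "203.0.113.10", "at": time(10, 0)}
```

With the list as constructed, `decide(UNTRUSTED, WEB)` returns `('deny', 'deny TCP')` because the higher-ranked protocol rule wins; moving the web rule up one rank (`decide(UNTRUSTED[::-1], WEB)`) yields `('allow', 'allow web')`.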
Creating rule sets
You can allocate every network its own rule set (i.e. a collection of rules specially matched to it). In this manner you can protect networks with different levels of danger in different ways using the firewall. For example, a home network may require considerably less protection (and consequently less administrative effort) than a data transmission network directly connected to the Internet.
You can also create individual rule sets for networks. To do this, click the New button in the Rule sets area and enter the following details in the dialog window:
- Rule set name: Enter a meaningful name for the rule set here.
- Generate an empty rule set: This allows you to generate an empty rule set and enter custom-defined rules.
- Generate a rule set which contains a number of meaningful rules: This option allows you to specify if you want the new rule set to include a few default rules for untrusted, trusted or blocked networks. You can then make individual adjustments based on these defaults.
The firewall contains default rule sets for the following network types:
- Direct Internet connection: This covers rules that involve direct Internet access.
- Untrusted networks: This generally covers open networks (e.g. data transmission networks) with Internet access.
- Trusted networks: Home and company networks are generally trusted.
- Blocked networks: This setting can be used if the computer's access to a network is to be blocked on a temporary or permanent basis. This is advisable, for instance, when you are connected to unfamiliar networks with an indeterminate level of security (e.g. LAN parties, external corporate networks, public workspaces for laptops, etc.).
The new rule set now appears in the list in the Rule sets area under the relevant rule set name (e.g. New rule set). If you then click on Edit, either the Rule wizard or the advanced editing mode for editing the individual rules of this rule set will open, depending on the setting you made under Settings | Other (see the section with the same name). You can learn how to assign new rules in the rule sets in the sections entitled Using the Rule wizard and Using the advanced editing mode.
In addition to directly entering rules yourself, you can also create rules via the firewall alarm info box. This learning process of the firewall is explained in the section entitled Firewall alarm.