In this section

• Home
• Support
• Knowledgebase
• Articles

Online support

• Knowledgebase
• Virus disinfection

Product maintenance

• Downloads and updates
• Documentation
• Software lifecycle

Contact support

• Talk to an expert
• Send a sample
• Email us

Support services

• Overview
• Technical Support
• Professional Services
• Technical Training

Sophos small business solutions: client firewall default configuration

The following are the 'factory default' rules and configuration settings for the small business solutions version of the Sophos Client Firewall. They are used from the initial reboot, until some other policy or configuration is applied.

1. General settings
2. ICMP settings
3. LAN settings
4. Global rules
5. Application rules
6. Process-control settings
7. Log settings
8. Checksum settings

1. General settings

• Disable Firewall = false
• Firewall mode = non-interactive + report (except standalone installer, where mode is Learning)
• Report Application Events = true
• Report Errors = true
• Hide Tray Icon = false
• Stealth Mode = true
• Checksum Applications = true
• Block Modified Memory = true

2. ICMP settings

• ICMP = 0 IN
• ICMP = 3 IN OUT
• ICMP = 8 OUT
• ICMP = 10 IN OUT
• ICMP = 11 IN

3. LAN settings

[IP address of your local LAN settings, e.g. 172.16.00] (255.255.0.0) NetBIOS.

4. Global Rules

ICMP From The Management Console

Rule

• Name = Allow ICMP From The Management Console
• Enabled = True
• High Priority = true
• Ignore Checksum = false
• Default Rule = True
  
  Where the protocol is IP and the type is ICMP
    and the direction is Inbound and Outbound
    and the remote address is [IP address of the Management Console server, e.g. 172.16.101.74]
  Allow it

DCOM Communication From The Management Console (UDP)

Rule

• Name = Allow DCOM Communication From The Management Console (UDP)
• Enabled = true
• High Priority = true
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is UDP
    and the direction is Inbound
    and the remote address is  [IP address of the Management Console server, e.g. 172.16.101.74]
    and the local port is 135
  Allow it

DCOM Communication From The Management Console (TCP)

Rule

• Name = Allow DCOM Communication From The Management Console (TCP)
• Enabled = true
• High Priority = true
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is TCP
    and the direction is Inbound
    and the remote address is  [IP address of the Management Console server, e.g. 172.16.101.74]
    and the local port is DCOM
  Allow it

Loopback TCP Connection

Rule

• Name = Allow Loopback TCP Connection
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is TCP
    and the remote address is 127.0.0.0 (255.0.0.0)
  Allow it

GRE Protocol

Rule

• Name = Allow GRE Protocol
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is IP and the type is GRE
  Allow it

PPTP Control Connection

Rule

• Name = Allow PPTP Control Connection
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is PPTP
    and the local port is 1024-65535
  Allow it

Loopback UDP Connection

Rule

• Name = Allow Loopback UDP Connection
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is UDP
    and the remote address is 127.0.0.0 (255.0.0.0)
    and the local port is equal to remote port
  Allow it

Block RPC Call (TCP)

Rule

• Name = Block RPC Call (TCP)
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is TCP
    and the direction is Inbound
    and the local port is DCOM
  Block it

Block RPC Call (UDP)

Rule

• Name = Block RPC Call (UDP)
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is UDP
    and the local port is 135
  Block it

Outgoing TCP

Rule

• Name = Allow outgoing TCP
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
  Allow it

Outgoing UDP

Rule

• Name = Allow outgoing UDP
• Enabled = true
• High Priority = false
• Ignore Checksum = false
• Default Rule = true
  
  Where the protocol is UDP
    and the direction is Outbound
  Allow it
    and stateful inspection

5. Application rules

alg.exe (Windows Firewall component)

Name = alg.exe
Description =
Type = custom

Rules

• Allow ALG Redirect
  Name = Allow ALG Redirect
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Inbound
  Allow it
    and stateful inspection
  
  
• Microsoft Application Layer Gateway Service connection
  Name = Microsoft Application Layer Gateway Service connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is FTP
  Allow it
    and stateful inspection
  

lsass.exe (Local Security Authority Subsystem Service)

Name = lsass.exe
Description =
Type = custom

Rules

• Local Security Authority Service Kerberos UDP connection
  Name = Local Security Authority Service Kerberos UDP connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the remote port is 88
  Allow it
    and stateful inspection
  
  
• Local Security Authority Service Kerberos TCP connection
  Name = Local Security Authority Service Kerberos TCP connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is 88
  Allow it
  
  
• LSASS LDAP connection to Global Catalog Server
  Name = LSASS LDAP connection to Global Catalog Server
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is 3268-3269
  Allow it
    and stateful inspection
  
  
• Local Security Authority Service LDAP UDP connection
  Name = Local Security Authority Service LDAP UDP connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the remote port is 389
  Allow it
    and stateful inspection
  
  
• Local Security Authority Service LDAP TCP connection
  Name = Local Security Authority Service LDAP TCP connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is LDAP
  Allow it
    and stateful inspection
  
  
• Local Security Authority Service DCOM dynamic port allocation
  Name = Local Security Authority Service DCOM dynamic port allocation
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is 1025-1040
  Allow it
  
  
• Local Security Authority Service DCOM connection
  Name = Local Security Authority Service DCOM connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is DCOM
  Allow it
  
• DNS Resolving (TCP)
  Name = Allow DNS Resovling (TCP)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is DOMAIN
  Allow it
  
• DNS Resolving (UDP)
  Name = Allow DNS Resolving (UDP)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the direction is Outbound
    and the remote port is DNS
  Allow it
    and stateful inspection
  

services.exe (Windows Service Controller)

Name = services.exe
Description =
Type = custom

Rules

• Services DCOM connection
  Name = Services DCOM connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is DCOM
  Allow it
  
  
• Services DCOM dynamic port allocation
  Name = Services DCOM dynamic port allocation
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is 1090-1110
  Allow it
  
  
• Services LDAP connection
  Name = Services LDAP connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is LDAP, 3268
  Allow it
  
  
• Allow DNS Resolving (TCP)
  Name = Allow DNS Resolving (TCP)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is DOMAIN
  Allow it
  
  
• Allow DNS Resolving (UDP)
  Name = Allow DNS Resolving (UDP)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the direction is Outbound
    and the remote port is DNS
  Allow it
    and stateful inspection
  
  
• Allow DHCP
  Name = Allow DHCP
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the remote port is BOOTPS
    and the local port is BOOTPC
  Allow it
  
  
• Allow DHCP (v6)
  Name = Allow DHCP (v6)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the remote port is DHCP_Server
    and the local port is DHCP_Client
  Allow it

svchost.exe (Service Host)

Name = svchost.exe
Description =
Type = custom

Rules

• Allow DNS Resolving (TCP)
  Name = Allow DNS Resolving (TCP)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is DOMAIN
  Allow it
  
  
• Allow DNS Resolving (UDP)
  Name = Allow DNS Resolving (UDP)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the direction is Outbound
    and the remote port is DNS
  Allow it
    and stateful inspection
  
  
• Allow DHCP
  Name = Allow DHCP
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the remote port is BOOTPS
    and the local port is BOOTPC
  Allow it
  
  
• Allow DHCP (v6)
  Name = Allow DHCP (v6)
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is UDP
    and the remote port is DHCP_Server
    and the local port is DHCP_Client
  Allow it

userinit.exe (User Initialization)

Name = userinit.exe
Description =
Type = custom

Rules

• Microsoft Userinit LDAP connection
  Name = Microsoft Userinit LDAP connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is LDAP, 3268
  Allow it
  
  
• Microsoft Userinit DCOM Connection
  Name = Microsoft Userinit DCOM Connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is DCOM
  Allow it
  

winlogon.exe (Windows Logon)

Name = winlogon.exe
Description =
Type = custom

Rules

• Microsoft Winlogon LDAP connection
  Name = Microsoft Winlogon LDAP connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is LDAP, 3268
  Allow it
  
  
• Microsoft Winlogon DCOM connection
  Name = Microsoft Winlogon DCOM connection
  Enabled = true
  High Priority = false
  Ignore Checksum = false
  Default Rule = true
  
  Where the protocol is TCP
    and the direction is Outbound
    and the remote port is DCOM
  Allow it

6. Process-control settings

Hidden processes

• Warn = true

Raw sockets

• Warn = true

7. Log settings

• Keep All Records = false
• Expired Days = -1
• Max Records = -1
• Max Database Size = 50

8. Checksum settings

No checksums are preconfigured.

If you need more information or guidance, then please contact technical support.

• Article ID: 16608
• Created: 20 Jul 2006
• Last updated: 11 Oct 2006

Rate this article Choose a rating Very useful Quite useful Moderately useful Not very useful Not useful at all

•  Read our search tips
• Contact one of our experts
• Suggest an improvement