.. _windows-firewall:

Control Windows Firewall
==================================

| When you use the **Enable automatic rule settings on plug-in assignment option.**
| **Windows Firewall outbound rule is set** with the **permission object information of the enforcement policy** to which the node belongs.
| Additional Windows Firewall restrictions can be configured in the Agent Plugin settings.

Configure Network Control Options
---------------------------------

#. **Notification** : Prompts the user for pop-up when setting up automatic rules.
#. **Message** : Enter the contents of the pop-up message when setting up the automatic rule.
#. **Custom Rule** : Set Windows Firewall rules yourself.
#. **Using FailSafe** : Stop the plug-in if it cannot connect to the Policy Server.

Add Agent Action to a Policy
----------------------------

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy > Agent Action** in the left Policy panel.
#. Find and click **Control Windows Firewall** in the Agent Action Window.
#. Add **Conditions** and **Agent Actions**.
#. Go to **Policy > Node Policy** in the left Policy panel.
#. Find and Click the **Node policy** to configure the network blocking policy.
#. Find **Agent Action** section. Click **Assign**.
#. Locate **Control Windows Firewall** and move to **Selected** column.
#. Click **Add**.
#. Click **Apply** in the top right. Click Close.

Configure Network Blocking Policies in Enforcement Policy
---------------------------------------------------------

**Step 1. Create Agent Action For Enforcement Policy**

#. Go to **Policy** in the top panel.
#. Go to **Enforcement Policy > Agent Action** in the left panel.
#. Go to **Tasks > Create**.

| Under **General**

#. For **ID**, type unique name.
#. For **Description**.(*Brief description of what this Node Group is for*).
#. Find **Agent Action** section and configure the following options:

     - **OS Type** (*Windows*)
     - **Condition** (*Set the operating conditions*)
     - **Plugin** (*Network Control*)
     - **Settings** (*Set user notifications and custom rules*)
     - **Language** 
     - **OS Edition**

#. Click **Create**
#. Click **Apply** in top right corner.

.. note:: Using the agent action in enforcement policy is an optional usage of the agent action, and not actually required.

**Step 2. Create Enforcement Policy**

#. Go to **Policy** in the top panel.
#. Go to **Policy > Enforcement Policy** in the left Policy panel.
#. Click **Tasks > Create**.
#. **Action** tab click **Next**
#. **General** tab create an **ID** and enter brief **Description** to identify what the Policy does(*Prioity stays as default. Status should be Enabled*) Click **Next**.
#. **Node Group** tab select the **Node Group** that was created, move to **Selected** section and Click **Next**.
#. **Permission** tab select **Available Permission** and move to **Selected** and click **Next**
#. **Redirection Action** tab is optiuonal to set **CWP** and **Switch Block options**. Click **Next**.
#. **Agent Action** tab is **optional** to add **Agent Action**. Click **Finish**.