Control macOS Firewall

  • Allow or block traffic based on rules.

  • Control network traffic using rules such as App BundleID, App Path, protocol, port, remote IP, etc.

Configure macOS Firewall Control Options

  1. Rule Selection: You can select a general rule and an Internet Kill Switch rule.

  2. General Rule: Allows all Internet traffic except connections matched by a block rule. It operates in BlackList mode.

  3. Internet Kill Switch: Blocks all Internet traffic except connections matched by an allow rule. It operates in WhiteList mode.

  4. Connection Allow/Block Rule: Select the conditions of the rule you want to control using direction, app path, app bundle ID, protocol, remote IP, port, etc.

  5. Notification Message: Displays a pop-up message to the user when traffic is blocked due to a rule.

  6. Prevent Duplicate Message Notification: Does not display duplicate notification messages when multiple connections are blocked within a short interval.

  7. Prevent Duplicate Message Notification Time: The period, after a notification is shown, during which duplicate notification messages for the same block are suppressed.
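The option list above describes a rule model (match conditions on direction, app path, bundle ID, protocol, remote IP and port; a default-allow BlackList mode for the General Rule and a default-block WhiteList mode for the Internet Kill Switch; and a time window that suppresses repeated block pop-ups). The following is an added Python illustration of that evaluation logic, not code from the product or this document. The field names, the two mode strings, and the sample rules and flows are assumptions made for the example, not the product's own schema.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Illustrative rule model. Field names, mode strings and sample values are
# assumptions for this example and are not the product's own schema.

@dataclass
class Rule:
    action: str                       # "allow" or "block"
    direction: Optional[str] = None   # "in", "out", or None for any
    app_path: Optional[str] = None    # exact executable path, or None for any
    bundle_id: Optional[str] = None   # app bundle identifier, or None for any
    protocol: Optional[str] = None    # "tcp", "udp", or None for any
    remote_net: Optional[str] = None  # remote IP or CIDR, or None for any
    port: Optional[int] = None        # remote port, or None for any

    def matches(self, flow: dict) -> bool:
        """A rule matches when every condition it sets agrees with the flow;
        conditions left as None are wildcards."""
        for attr in ("direction", "app_path", "bundle_id", "protocol", "port"):
            want = getattr(self, attr)
            if want is not None and flow.get(attr) != want:
                return False
        if self.remote_net is not None:
            net = ip_network(self.remote_net, strict=False)
            if ip_address(flow["remote_ip"]) not in net:
                return False
        return True


def evaluate(flow: dict, rules: list, mode: str) -> str:
    """Decide "allow" or "block" for one connection.

    mode "general":     default allow; a matching block rule denies (BlackList).
    mode "kill_switch": default block; a matching allow rule permits (WhiteList).
    In each mode only rules of the overriding action are consulted, mirroring
    the page's "connection blocking rule" vs "connection allowance rule".
    """
    if mode == "general":
        default, override = "allow", "block"
    elif mode == "kill_switch":
        default, override = "block", "allow"
    else:
        raise ValueError(f"unknown mode: {mode}")
    for rule in rules:
        if rule.action == override and rule.matches(flow):
            return override
    return default


class BlockNotifier:
    """Pop-up suppression: a block notification for the same app/destination
    is not repeated within `window` seconds (the duplicate-notification time)."""

    def __init__(self, window: float):
        self.window = window
        self._last_shown: dict = {}

    def notify(self, flow: dict, now: float) -> bool:
        """Return True if a pop-up should be shown for this blocked flow."""
        key = (flow.get("bundle_id"), flow["remote_ip"], flow.get("port"))
        last = self._last_shown.get(key)
        if last is not None and now - last < self.window:
            return False
        self._last_shown[key] = now
        return True


# Constructed sample rule sets (addresses are documentation ranges, not real hosts).
# Kill switch: only the VPN tunnel endpoint may be reached; everything else is blocked.
KILL_SWITCH_RULES = [Rule(action="allow", protocol="udp",
                          remote_net="203.0.113.0/24", port=443)]
# General rule: everything allowed except one legacy client bundle.
GENERAL_RULES = [Rule(action="block", bundle_id="com.example.legacyclient")]


if __name__ == "__main__":
    vpn = {"direction": "out", "bundle_id": "com.example.vpn", "protocol": "udp",
           "remote_ip": "203.0.113.10", "port": 443}
    web = {"direction": "out", "bundle_id": "com.apple.Safari", "protocol": "tcp",
           "remote_ip": "198.51.100.5", "port": 443}
    print("kill switch, VPN flow:", evaluate(vpn, KILL_SWITCH_RULES, "kill_switch"))
    print("kill switch, web flow:", evaluate(web, KILL_SWITCH_RULES, "kill_switch"))
    notifier = BlockNotifier(window=10)
    print("show pop-up at t=0:", notifier.notify(web, 0.0))
    print("show pop-up at t=5:", notifier.notify(web, 5.0))
```

The point the example makes is the asymmetry between the two modes: under the General Rule a flow that matches no rule is allowed, whereas under the Internet Kill Switch a flow that matches no rule is blocked, so the allow list must cover the VPN endpoint itself or the tunnel can never come up.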

Internet Kill Switch

This feature automatically blocks general internet traffic on the endpoint when the VPN tunnel is abnormal or disconnected, preventing data/IP leaks.

  • Enforces a VPN connection when used with the Always-On option of the ZTNA Connection Manager action.

For instructions on using the ZTNA Connection Manager, refer to the ZTNA-Client document.

Configuration Method

Assign the minimum policy required to connect to the VPN. When the Internet Kill Switch setting is On, all internet traffic is blocked except connections matched by an allow rule; that is, it operates in a WhiteList manner.

  1. Go to Policy in the top menu.

  2. Go to Policy > Node Policy in the left policy menu.

  3. Click the Node Policy to which you want to apply the Internet Kill Switch.

  4. In the Agent Action section, assign the Control macOS Firewall node action.

  5. Enable the Internet Kill Switch option.

When using ZTNA-Client, assign the minimum policy as follows.