.. _Linux-firewall:

Control Linux Firewall
=============================

Internet Kill Switch
---------------------

This feature automatically blocks general internet traffic on the endpoint when the VPN tunnel is abnormal or disconnected, preventing data and IP address leaks.

- Forces the VPN connection when used with the Always-On option of the ZTNA Connection Manager action.

For instructions on using the ZTNA Connection Manager, refer to the :doc:`../system/ztna_client` document.

Configuration Method
~~~~~~~~~~~~~~~~~~~~

Assign the minimum policy required to connect to the VPN. When the Internet Kill Switch setting is On, all internet traffic is blocked and the firewall operates as a whitelist: only traffic that a policy explicitly allows can pass.

1. Go to **Policy** in the top menu.
2. Go to **Policy > Node Policy** in the left policy menu.
3. Click the Node Policy to which you want to apply the Internet Kill Switch.
4. In the **Node Action** section, assign the **Control Linux Firewall** node action.
5. Enable the **Internet Kill Switch** option.

When using ZTNA-Client, assign the minimum policy as follows.

.. list-table::
   :header-rows: 1
   :widths: 7 7 16 20

   * - Direction
     - Remote IP
     - Local IP
     - Protocol
   * - Outbound
     - All
     - ZTNA Gateway IP or Domain
     - TCP, Local Port: All, Remote Port: 1194
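To make the whitelist behaviour concrete, the following added example (not code from the product, whose own rule generation is not shown on this page) renders an equivalent nftables ruleset: outbound traffic is dropped by default, and only TCP to the ZTNA gateway on remote port 1194 is allowed. The table name ``killswitch``, the tunnel interface ``tun0``, the rule that lets traffic leave through that interface, and the restriction to an IPv4 literal for the gateway are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: a default-drop outbound whitelist with one allowed flow,
# TCP to the ZTNA gateway on remote port 1194 (the minimum policy above).

# Accept only a dotted-quad IPv4 literal so no other text reaches the ruleset.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# render_killswitch GATEWAY_IP [TUNNEL_IF]
# Prints the ruleset on stdout; it does not load anything into the kernel.
render_killswitch() {
    gateway_ip=$1
    tun_if=${2:-tun0}   # assumed name of the VPN tunnel interface
    is_ipv4 "$gateway_ip" || { echo "invalid gateway IP" >&2; return 2; }
    case $tun_if in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface name" >&2; return 2 ;;
    esac
    cat <<EOF
table inet killswitch {
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ip daddr $gateway_ip tcp dport 1194 accept
        oifname "$tun_if" accept
    }
}
EOF
}

# Usage (203.0.113.10 is a constructed documentation address):
#   render_killswitch 203.0.113.10 > killswitch.nft
#   nft -c -f killswitch.nft    # syntax check only, nothing is applied
```

When the tunnel interface goes away, the last rule no longer matches any packet, so everything except the connection to the gateway falls through to ``policy drop``.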