https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542404#M4366 <P>Hi Neelrohit,</P> <P>&nbsp;</P> <P>So in case we have rules applied on the Native Windows Firewall, we will need to migrate and apply the same rules on Cortex XDR to achieve the same configuration?</P> <P>&nbsp;</P> <P>Ammar,</P> Wed, 17 May 2023 05:59:25 GMT AmmarJi 2023-05-17T05:59:25Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542376#M4364 <P>Hi Everyone,</P> <P>&nbsp;</P> <P>I am trying to configure host firewall using Cortex XDR, in the documentation, it mentions:</P> <P>&nbsp;</P> <P><STRONG><U><EM>The&nbsp;<SPAN class="phrase">Cortex XDR</SPAN>&nbsp;host firewall rules leverage the operating system firewall APIs and enforce these rules on your endpoints, but not your Windows or Mac firewall settings.</EM></U></STRONG></P> <P><U><EM><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Device-Control" target="_blank">Device Control • Cortex XDR Prevent Administrator Guide • Reader • Palo Alto Networks documentation portal</A></EM></U></P> <P>Which I understood that it will not affect the Local Windows Firewall.</P> <P>&nbsp;</P> <P>I proceeded with configuring following the steps, and once I created a profile rule, I got the below message:</P> <P>&nbsp;</P> <P><EM><U><STRONG>You have assigned a non-default HFW profile. This will move control from Windows FW to Cortex HFW and Windows firewall rules will no longer apply (agent version 7.5 and above).</STRONG></U></EM></P> <P>&nbsp;</P> <P>Does this mean that it will disable Windows built-in firewall? Since I willing to run Cortex Firewall to be applied only on external network for certain IPs. Will this disable all the rules applied by Windows Local Firewall?</P> <P>&nbsp;</P> <P>Regards,</P> <P>Ammar</P> Tue, 16 May 2023 22:04:25 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542376#M4364 AmmarJi 2023-05-16T22:04:25Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542398#M4365 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/257307">@AmmarJi</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thank you for writing to live community!</P> <P>&nbsp;</P> <P>When we talk about using the host firewall using Cortex XDR, the agent uses the same APIs used by Windows Native host firewall ie. the Windows filtering platform. Because we blend well with native environment on the Windows side, we use the same APIs and as a result, we disable the Windows firewall as a feature. This means that the rules on the Windows native firewall will be disabled once the rules on Cortex XDR host firewall is activated.&nbsp;</P> <P>&nbsp;</P> <P>Hope this answers your query.&nbsp;</P> <P>&nbsp;</P> <P>Regards,</P> Wed, 17 May 2023 04:36:17 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542398#M4365 neelrohit 2023-05-17T04:36:17Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542404#M4366 <P>Hi Neelrohit,</P> <P>&nbsp;</P> <P>So in case we have rules applied on the Native Windows Firewall, we will need to migrate and apply the same rules on Cortex XDR to achieve the same configuration?</P> <P>&nbsp;</P> <P>Ammar,</P> Wed, 17 May 2023 05:59:25 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542404#M4366 AmmarJi 2023-05-17T05:59:25Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542405#M4367 <P>That is correct. If you have windows native firewall rules enabled, you might want to import those and add it to Cortex XDR host firewall rules.</P> <P>&nbsp;</P> Wed, 17 May 2023 06:05:51 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542405#M4367 neelrohit 2023-05-17T06:05:51Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542410#M4368 <P>Thank you for the answer.</P> Wed, 17 May 2023 06:22:19 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-host-firewall-behavior-question/m-p/542410#M4368 AmmarJi 2023-05-17T06:22:19Z