Cortex XDR Host Firewall behavior Question

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR Host Firewall behavior Question

L1 Bithead

Hi Everyone,

 

I am trying to configure host firewall using Cortex XDR, in the documentation, it mentions:

 

The Cortex XDR host firewall rules leverage the operating system firewall APIs and enforce these rules on your endpoints, but not your Windows or Mac firewall settings.

Device Control • Cortex XDR Prevent Administrator Guide • Reader • Palo Alto Networks documentation ...

Which I understood that it will not affect the Local Windows Firewall.

 

I proceeded with configuring following the steps, and once I created a profile rule, I got the below message:

 

You have assigned a non-default HFW profile. This will move control from Windows FW to Cortex HFW and Windows firewall rules will no longer apply (agent version 7.5 and above).

 

Does this mean that it will disable Windows built-in firewall? Since I willing to run Cortex Firewall to be applied only on external network for certain IPs. Will this disable all the rules applied by Windows Local Firewall?

 

Regards,

Ammar

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi @AmmarJi ,

 

Thank you for writing to live community!

 

When we talk about using the host firewall using Cortex XDR, the agent uses the same APIs used by Windows Native host firewall ie. the Windows filtering platform. Because we blend well with native environment on the Windows side, we use the same APIs and as a result, we disable the Windows firewall as a feature. This means that the rules on the Windows native firewall will be disabled once the rules on Cortex XDR host firewall is activated. 

 

Hope this answers your query. 

 

Regards,

View solution in original post

4 REPLIES 4

L5 Sessionator

Hi @AmmarJi ,

 

Thank you for writing to live community!

 

When we talk about using the host firewall using Cortex XDR, the agent uses the same APIs used by Windows Native host firewall ie. the Windows filtering platform. Because we blend well with native environment on the Windows side, we use the same APIs and as a result, we disable the Windows firewall as a feature. This means that the rules on the Windows native firewall will be disabled once the rules on Cortex XDR host firewall is activated. 

 

Hope this answers your query. 

 

Regards,

Hi Neelrohit,

 

So in case we have rules applied on the Native Windows Firewall, we will need to migrate and apply the same rules on Cortex XDR to achieve the same configuration?

 

Ammar,

That is correct. If you have windows native firewall rules enabled, you might want to import those and add it to Cortex XDR host firewall rules.

 

Thank you for the answer.

  • 1 accepted solution
  • 2665 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!