05-16-2023 03:04 PM
Hi Everyone,
I am trying to configure the host firewall using Cortex XDR. The documentation mentions:
The Cortex XDR host firewall rules leverage the operating system firewall APIs and enforce these rules on your endpoints, but not your Windows or Mac firewall settings.
From this I understood that it will not affect the local Windows Firewall.
I proceeded with configuring following the steps, and once I created a profile rule, I got the below message:
You have assigned a non-default HFW profile. This will move control from Windows FW to Cortex HFW and Windows firewall rules will no longer apply (agent version 7.5 and above).
Does this mean that it will disable the Windows built-in firewall? I am willing to run Cortex Firewall to be applied only on the external network for certain IPs. Will this disable all the rules applied by Windows Local Firewall?
Regards,
Ammar
05-16-2023 09:36 PM
Hi @AmmarJi ,
Thank you for writing to LIVEcommunity!
When we talk about using the host firewall with Cortex XDR, the agent uses the same APIs used by the Windows native host firewall, i.e. the Windows Filtering Platform. Because we blend well with the native environment on the Windows side, we use the same APIs and, as a result, we disable the Windows firewall as a feature. This means that the rules on the Windows native firewall will be disabled once the rules on the Cortex XDR host firewall are activated.
Hope this answers your query.
Regards,
05-16-2023 10:59 PM
Hi Neelrohit,
So in case we have rules applied on the Native Windows Firewall, we will need to migrate and apply the same rules on Cortex XDR to achieve the same configuration?
Ammar,
05-16-2023 11:05 PM
That is correct. If you have Windows native firewall rules enabled, you might want to import those and add them to the Cortex XDR host firewall rules.
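Added example, not part of the original replies and not Palo Alto Networks tooling: because Windows firewall rules stop applying once a non-default Cortex XDR host firewall profile is assigned, this PowerShell sketch inventories the currently enabled Windows Defender Firewall rules to a CSV so they can be reviewed and re-created as host firewall rules. The output path and column names are assumptions; the CSV is a review aid, not a Cortex XDR import format.

```powershell
# Added example: inventory enabled Windows Defender Firewall rules before
# control moves to another host firewall. Run in an elevated session.
# Assumption: output path; change it to suit your environment.
$OutFile = Join-Path $env:TEMP 'windows-fw-rules.csv'

# ActiveStore is the effective policy: local rules plus Group Policy rules.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True

$inventory = foreach ($rule in $rules) {
    # Ports, addresses and program live in separate filter objects per rule.
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    $app  = $rule | Get-NetFirewallApplicationFilter

    [pscustomobject]@{
        Name          = $rule.DisplayName
        Group         = $rule.DisplayGroup
        Direction     = $rule.Direction
        Action        = $rule.Action
        Profile       = $rule.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ';'
        RemotePort    = $port.RemotePort -join ';'
        LocalAddress  = $addr.LocalAddress -join ';'
        RemoteAddress = $addr.RemoteAddress -join ';'
        Program       = $app.Program
        # Shows whether the rule came from local policy or Group Policy.
        PolicySource  = $rule.PolicyStoreSourceType
    }
}

# Write the full inventory for rule-by-rule review.
$inventory |
    Sort-Object Direction, Action, Name |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Quick summary: how many rules of each direction/action need a decision.
$inventory |
    Group-Object Direction, Action |
    Select-Object Count, Name |
    Format-Table -AutoSize

Write-Host "Inventory written to $OutFile"
```

Rules whose PolicySource indicates Group Policy are managed centrally, so track them back to the owning GPO rather than treating them as local configuration.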
05-16-2023 11:22 PM
Thank you for the answer.