To get started using Carbon Black Cloud Host-based Firewall, you must select the default rule. The default rule sets the baseline behavior for the Host-based Firewall policy – allow all behaviors by default and have user-defined block rules or block all behaviors by default and have user-defined allow rules.

Procedure

  1. On the left navigation pane, click Enforce > Policies.
  2. Select the policy.
  3. Click the Host-based Firewall tab.
  4. Click the select the default rule link.
    Image of the select default rule link on the Host-based Firewall tab
    • Allow all traffic: Allows all network traffic except for behaviors blocked by specific rules created in the policy.
    • Block all traffic: Blocks all network traffic except for behaviors allowed by specific rules created in the policy.
    Important: Policies throughout Carbon Black Cloud are constructed to allow everything except known bad behavior. Host-based Firewall is similarly optimized for this mode of operation. Selecting Block all traffic as the default rule can be highly disruptive to assets that are managed by Carbon Black Cloud. If you choose this default rule, take special care to ensure that user behavior is not significantly negatively impacted.
  5. Click Confirm.

Results

The default rule displays in the console. You can edit the default rule by clicking the pencil icon to the right of the rule if the Host-based Firewall policy setting is not enabled.

What to do next

Add a Host-based Firewall Rule Group.