The Firewall payload allows admins to configure firewall rules within the Knox container.

The available rules are: Allow, Deny, Reroute. Each firewall rule type allows you to add multiple rules.


  1. Navigate to Devices > Profiles & Resources > Profiles > Add > Add Profile > Android (Legacy).
  2. Select Container.
  3. Configure the profile's General settings. These General profile settings determine how the profile is deployed and who receives it.
  4. Select the Firewall tab.
  5. Select the Add button under the desired rule to configure the setting:
    Settings Description
    Allow Rules

    Allows the device to send and receive from a specific network location.

    Deny Rules Blocks the device from sending and receiving traffic from a specific network location.
    Reroute Rules Redirects traffic from a specific network location to an alternate network.
    Redirect Exception Avoids traffic from being redirected.
  6. Select Save & Publish.