Push a firewall profile with the Workspace ONE Intelligent Hub v2.2+ for macOS to filter unauthorized connections to your enterprise network.

Using the native firewall combined with the Workspace ONE Intelligent Hub, you can monitor firewall settings and revert settings if unauthorized changes occur. Also, use the firewall to control incoming connections and protect computers against probing requests.

Procedure

  1. Navigate to Resources > Profiles & Baselines > Profiles and select Add. Select Apple macOS, and then select Device Profile, since this profile is only applicable to the entire device.
  2. Configure the profile's General settings.
  3. Select the Firewall payload.
  4. Select Enable to allow firewall protection.
  5. Configure the following firewall settings:
    Description Setting
    Block all incoming connections Select this to block all incoming connections from sharing services, except for connections required for basic Internet services.
    Automatically allow signed software to receive incoming connections Select this to automatically allow only software signed by a developer and approved by Apple to provide services accessed from their network.
    Enable stealth mode Select this to prevent the computer from responding to or acknowledging requests made from test applications.
  6. Select Save & Publish to push the profile to the device. All Workspace ONE Intelligent Hub functionality continues including Push Notifications even if Block incoming connections is selected.