Firewall

Set up basic firewall

1. Under Firewall configuration profiles, enter a profile name. For example Firewall_config1.

2. Under Allow rules > Allow rule, fill out the required information for the data you want to allow through the firewall, for example, any connection originating from your enterprise intranet.

3. Under Deny rules > Deny rule, fill out the required information for the data you want to block through the firewall, for example, popular social media sites.

   To ensure devices are not locked out of your network, give the following apps explicit allow rules. You must always set these allow rule exceptions if you are using DENY ALL rules.

   1. UEM Agent package — Contact your UEM for details.
   2. KSP package — com.samsung.android.knox.kpu
   3. Google services — com.android.vending, com.google.android.gms

4. In your UEM, save the configuration.

5. Under Firewall policy, turn on Enable Firewall controls.

6. Under Name of firewall configuration to user, enter the name of the profile you want to use. In this example we use the profile we created previously, namely, Firewall_config1.

7. In your UEM, save the profile and push it to a device.

Industry example

This example shows you how to configure a firewall that only allows traffic through for your UEM agent and internal intranet.

1. Under Firewall configuration profiles, enter a profile name. For example, Firewall_internalOnly.

2. Under Allow rules > Allow rule, fill out the required information to allow traffic for your UEM agent.

3. Under Allow rules > Allow rule, fill out the required information to allow traffic for intranet.

4. Test to make sure the previous configurations are working before you proceed to the next step.

5. Under Deny rules > Deny rule, under Hostname (IP or IP range) type * to use a wild card to block all other incoming traffic.

6. In your UEM, save the profile and push it to a device.