Firewall: System Rules

This Article Applies to:

  • AVG Business Cloud Console
  • AVG Business On-Premise Console

System Rules are basic rules for common network applications and functions. These take precedence over Application and Advanced Packet rules. We recommend you ensure these rules are controlled by your Console for maximum security across your network.

For most of these rules, you can choose to Enable, Disable, or Decide based on packet rules. If you select the last option, be sure there are packet rules configured for the type of traffic you can expect in Firewall: Advanced Packet Rules.

Most network environments enable Allow Windows File and Printer Sharing and/or Allow remote desktop connections to this computer. Your network may require slightly different configuration.

System Rule Descriptions

  • Allow Windows File and Printer Sharing: authorizes other devices in the network to access shared folders and printers on devices
  • Allow remote desktop connections to this computer: authorizes other devices in the network to remotely access and control devices when the Remote Desktop service is enabled
  • Allow incoming ping and trace requests (ICMP): authorizes incoming Internet Control Message Protocol messages. ICMP is typically used by system tools, such as ping or tracert commands, for diagnostic or control purposes when troubleshooting connectivity issues
  • Allow outgoing ping and trace requests (ICMP): authorizes ourgoing Internet Control Message Protocol messages
  • Allow IGMP traffic: authorizes multicast communication using the Internet Group Management Protocol, which is required by some media streaming services for more efficient use of resources during activities such as video streaming and gaming
  • Allow multicast traffic: authorizes applications and services for media streaming when distributing content to groups of multiple recipients in a single transmission, which is necessary for activities such as video-conferencing
  • Allow DNS: authorizes communication with Domain Name Servers which enables devices to recognize the IP addresses of the websites you visit
  • Allow DHCP: authorizes communication using the Dynamic Host Configuration Protocol to automatically provide devices with IP addresses and other related configuration information such as the subnet mask and default gateway
  • Allow VPN connections via PPTP: authorizes connections to Virtual Private Networks based on the POint-To-Point Tunneling Protocol. This protocol is known to present numerous security risks
  • Allow VPN connections via L2TP-IPSec: authorizes connections to Virtual Private Networks based on a more secure combination of the Layer 2 Tunneling Protocol and Internet Protocol Security
  • Allow stealth mode for public networks: prevents attackers from uncovering information about devices and running services when your Firewall is in Public mode, which is the Network Profile that should be set when you are connected to a public network