Firewall System Rules

This Article Applies to:

  • Avast Business Hub

Avast Firewall is another major component of Antivirus protection offered alongside Core Shields, and it is available for Windows workstations. Our Firewall monitors all network traffic between devices and the outside world to help protect you from unauthorized communication and intrusions.

Firewall's system rules control network traffic for the most common connection types. These take precedence over both application and advanced packet rules. Each system rule can be configured separately for private and public networks, which gives you more control over the behavior of the Firewall.

We recommend you only modify these rules if absolutely necessary. In most cases, Firewall formulates optimal rules without any user input.

Configuring System Rules

To access Firewall system rules:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Select the Settings tab, then Firewall
  4. Expand the Firewall Settings section
  5. Select the Firewall rules tab, then System rules

At the top of the Firewall rules tab, you can allow local configuration of all Firewall rules by selecting the Let user set their own rules option. However, we recommend choosing the Override all the local (user) rules option, ensuring these rules are controlled via the console for maximum security across your network.

The following rules can be configured here for both private and public networks:

  • Allow Windows File and Printer Sharing: Authorizes other devices in the network to access shared folders and printers.
  • Allow remote desktop connections to this computer: Authorizes other devices in the network to remotely access and control devices when the Remote Desktop service is enabled.
  • Allow incoming ping and trace requests (ICMP): Authorizes incoming Internet Control Message Protocol (ICMP) messages. ICMP is typically used by system tools, such as the ping or tracert commands, for diagnostic or control purposes when troubleshooting connectivity issues.
  • Allow outgoing ping and trace requests (ICMP): Authorizes outgoing Internet Control Message Protocol (ICMP) messages.
  • Allow IGMP traffic: Authorizes multicast communication using the Internet Group Management Protocol, which is required by some media streaming services for more efficient use of resources during activities such as video streaming and gaming.
  • Allow multicast traffic: Authorizes applications and services for media streaming when distributing content to groups of multiple recipients in a single transmission, which is necessary for activities such as video-conferencing.
  • Allow DNS: Authorizes communication with Domain Name System (DNS) servers, which enables devices to resolve the IP addresses of the websites you visit.
  • Allow DHCP: Authorizes communication using the Dynamic Host Configuration Protocol to automatically provide devices with IP addresses and other related configuration information such as the subnet mask and default gateway.
  • Allow VPN connections: Authorizes Virtual Private Network (VPN) connections that use PPTP (Point-to-Point Tunneling Protocol) and L2TP-IPSec (Layer 2 Tunneling Protocol over Internet Protocol Security).
    • The previous Allow VPN connections via PPTP and Allow VPN connections via L2TP-IPSec rules (console version 8.83 and older) have been merged to simplify configuration. If you had a specific configuration for the previous rules, the PPTP rule's settings are used. For example, if you blocked L2TP-IPSec but allowed PPTP, the new rule will be set to allow.

For each rule, you can choose whether the connection is allowed or blocked, or you can let Firewall decide based on packet rules. If you select the last option, ensure the Firewall Advanced Packet Rules for that connection are configured.
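The following added example (not Avast code, and not an Avast export format) models the two points above that are easy to miss in a policy review: the merged VPN rule takes the former PPTP setting, and a rule deferred to packet rules needs a matching packet rule. The policy layout, function names and sample values are constructed assumptions.

```python
from enum import Enum

class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    PACKET_RULES = "decide based on packet rules"

PROFILES = ("private", "public")

def merge_vpn_rules(pptp, l2tp):
    """Apply the merge described above: the new rule takes the PPTP setting.

    Returns (merged_rule, changes), where changes lists every network profile
    on which L2TP-IPSec traffic is now handled differently than before.
    """
    merged, changes = {}, []
    for profile in PROFILES:
        merged[profile] = pptp[profile]
        if l2tp[profile] is not pptp[profile]:
            changes.append((profile, l2tp[profile], pptp[profile]))
    return merged, changes

def rules_needing_packet_rules(system_rules, configured_packet_rules):
    """List (rule, profile) pairs deferred to packet rules with none configured."""
    return sorted(
        (name, profile)
        for name, per_profile in system_rules.items()
        for profile, action in per_profile.items()
        if action is Action.PACKET_RULES and name not in configured_packet_rules
    )

# Constructed sample policy (hypothetical layout, not an Avast export format).
OLD_PPTP = {"private": Action.ALLOW, "public": Action.ALLOW}
OLD_L2TP = {"private": Action.ALLOW, "public": Action.BLOCK}
SYSTEM_RULES = {
    "Allow DNS": {"private": Action.ALLOW, "public": Action.ALLOW},
    "Allow IGMP traffic": {"private": Action.PACKET_RULES, "public": Action.BLOCK},
    "Allow multicast traffic": {"private": Action.PACKET_RULES, "public": Action.PACKET_RULES},
}
# Assumption: the reviewer records which system rules have matching packet rules.
CONFIGURED_PACKET_RULES = {"Allow IGMP traffic"}

if __name__ == "__main__":
    merged, changes = merge_vpn_rules(OLD_PPTP, OLD_L2TP)
    for profile, before, after in changes:
        print(f"VPN/{profile}: L2TP-IPSec was '{before.value}', merged rule is '{after.value}'")
    for name, profile in rules_needing_packet_rules(SYSTEM_RULES, CONFIGURED_PACKET_RULES):
        print(f"{name}/{profile}: deferred to packet rules, but none configured")
```

With the sample data, the review flags the public profile, where L2TP-IPSec was blocked before the merge and is allowed after it, and both profiles of the multicast rule.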

Under the Preferences section at the bottom of the settings, you can also enable/disable the following options by ticking/unticking the checkboxes next to them:

  • Show notifications about newly created ‘allow’ rules: Pop-up notifications will be displayed when Avast allows a new communication path.
  • Show notifications about newly created ‘block’ rules: Pop-up notifications will be displayed when Avast blocks a new communication path.