for the long time I used global rule “allow outgoing” with firewall set up in safe mode
when (not block by me in apps rules section) some app wanted to connect to internet (outgoing connection) default global rule “allow all outbound” was activated - connection allowed - no warnings
after upgrade to CIS 7
almost same settings (disabled automatic adding files as trusted in file rating module - im tired of growing that list to enormous size)
when some app want to do outbound connection - warning pops up → global rule for allow all outbound is ignored why ??? but when I enabled logging for that rule I saw this rule to be active with some processes…
It looks like higher priority in “firewall safe mode” has the list of trusted files than global rules list… is it true ??? if safe mode is enabled (not custom rules) and file is missing on trusted file list in file rating module then global rules list is ignored… and how this behavior affects apps list ?
is your configuration in default mode : safe or training ? what have you changed in the settings ?
pop_up can be unchecked
global rule it is a little like no rules
has the list of trusted files than global rules list… is it true if safe mode is enabled (not custom rules) and file is missing on trusted file list in file rating module then global rules list is ignored… and how this behavior affects apps list ?
i do not understand the questions _ sorry
Outgoing trafic first goes through Application Rules and then through Global Rules. Global Rules will allow outgoing traffic in general. So, you block outgoing traffic with an application rule.
The firewall will allow outgoing traffic from Trusted Applications. You decided to not use Trusted Applications list anymore. Because of this you will be alerted for outgoing traffic.
Maybe my sentences are too complicated LOL i’ll try to simplify
how firewall works with “safe mode” enabled and “file rating - auto adding files” disabled ?
check for blocking rules in apps rules list and if none found show warnings for “untrusted files” (ignore “allow rules” in global rules list) ?
because safe mode is enabled so automatic “outgoing rules for trusted files” is applied but also file rating mode is disabled that means every file not on this list (cannot be automatically added because of disabled module) generates popup warning even if there are global allow outgoing rule?
my situation for now is I don’t now why my global rule is ignored and I see a pop up when app want to establish outgoing connection
in CIS 6.x it seemed to me that “safe mode” of the firewall worked as in custom rules mode + in addition automatic allow of outgoing traffic for trusted files (every rule manual and auto generated is processed)
now if I want to have processed full app and global set of rules also for “untrusted files” I need to set Firewall in “custom rules” mode and only then “last global allow outgoing rule” will match and work for both “trusted” and “untrusted” files
EDIT
maximum simplicity
now in CIS 7
when Firewall is set to “safe mode” and “untrusted file” (missing on trusted files list) tries to establish outgoing connection -->> global rule that always allows for outgoing connections is ignored correct ? If I want to use global rule that allows outgoing connections “for all” trusted, and untrusted I need to set firewall to custom rules mode correct ?
