Not sure how to do this, as there are so many menus and options, and I don’t even know what’s there out of the box… (overwhelming)
I want to configure something like this:
All NICs, all subnets, all inbound traffic is allowed (I don’t care who tries to contact me… wide open.)
All NICs, all subnets, all outbound traffic is blocked (I don’t want any data leaving that I do not approve.)
And I want to do per-application unblocks on outbound traffic, so that I can mark whatever app I want as “OK” to talk to anyone (internet, intranet, I don’t care, just per application).
And I want this to include the operating system. No ‘phoning home’ or ‘configuration information reporting’ exceptions for the system.
ICMP traffic doesn’t bother me. People can ping me all they want.
Just to answer the initial query, have you tried Ganda? (forum joke).
To actually answer your question, you will need to create some rules and remove some rules. Go to Firewall->Advanced->Network security policy. Here you will find Application and Global rules. For outgoing traffic, application rules are consulted first, then global. Vice versa for incoming.
So go to Global rules and remove all entries (this takes global rules out of the equation).
Now in Application Rules you can do the same, but we need to create a rule to allow incoming for all applications. After removing all the rules, click on “Add”, then on “Select” choose File Groups, then All Applications.
All Applications should appear in the Application Path box. Now to create an Allow all incoming rule: click on “Add” and create the rule Allow IP In from IP Any to IP Any Where Protocol is Any, then click APPLY. Now click OK. You should end up with your application rules like the picture (or similar, as that is from CIS4).
Now we also need to stop any rules being created for apps and to ensure you get an alert for outgoing. To do this go to Firewall->Advanced->Firewall Behaviour Settings. Move the slider up to “Custom” and in the “Alert settings” window set the slider to at least “High”.
You should now receive an alert for anything which doesn’t have a rule for it in Application rules, and as you have no rules…
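To make the evaluation order the answer describes concrete (application rules before global rules for outgoing, the reverse for incoming, and an alert when nothing matches), here is an added illustrative model. It is not Comodo's code and not from this thread; it assumes first match wins within each list and that a matching block in either list blocks, and the application paths are constructed samples.

```python
from dataclasses import dataclass


@dataclass
class Rule:
    app: str        # application path, the "All Applications" file group, or "*" for a global rule
    direction: str  # "in" or "out"
    action: str     # "allow" or "block"
    protocol: str = "any"


def first_match(rules, app, direction, protocol):
    """Return the action of the first rule matching this connection, or None."""
    for r in rules:
        if (r.app in ("All Applications", "*", app)
                and r.direction == direction
                and r.protocol in ("any", protocol)):
            return r.action
    return None


def evaluate(app_rules, global_rules, app, direction, protocol="tcp"):
    """Decide a connection: 'allow', 'block', or 'alert' when no rule matched."""
    # Outgoing traffic: application rules are consulted first, then global rules.
    # Incoming traffic: global rules first, then application rules.
    order = (app_rules, global_rules) if direction == "out" else (global_rules, app_rules)
    decision = None
    for ruleset in order:
        action = first_match(ruleset, app, direction, protocol)
        if action == "block":
            return "block"      # model assumption: a block in either list wins
        if action == "allow":
            decision = "allow"
    # With the firewall in Custom mode and alerts at High, an unmatched
    # connection raises an alert instead of being silently decided.
    return decision or "alert"


# The policy from the thread: global rules emptied, one application rule
# "All Applications: Allow IP In from IP Any to IP Any, protocol Any".
GLOBAL_RULES = []
APP_RULES = [Rule("All Applications", "in", "allow")]


def approve_outbound(app_rules, app):
    """Model of answering an outbound alert with Allow: adds a per-app outbound rule."""
    return app_rules + [Rule(app, "out", "allow")]


if __name__ == "__main__":
    print(evaluate(APP_RULES, GLOBAL_RULES, r"C:\sample\svchost.exe", "in"))    # allow
    print(evaluate(APP_RULES, GLOBAL_RULES, r"C:\sample\svchost.exe", "out"))   # alert
    rules = approve_outbound(APP_RULES, r"C:\sample\browser.exe")
    print(evaluate(rules, GLOBAL_RULES, r"C:\sample\browser.exe", "out"))       # allow
    print(evaluate(rules, GLOBAL_RULES, r"C:\sample\svchost.exe", "out"))       # alert
```

Anything the operating system itself tries to send falls into the same "alert" branch, which is the behaviour the question asks for.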