[KB3190] Firewall filtering modes in ESET Windows home products (15.x — 16.x)




The ESET Firewall monitors and controls communication within the local network or internet. The firewall analyzes communication activities using pre-defined rules and uses the rules to decide which traffic to allow or block. There are four firewall filtering modes to choose from; each one is designed for a specific type of application or level of security. To change the behavior of your firewall, select your desired filtering mode.


Firewall troubleshooting

This article is part of a series of recommended steps to troubleshoot firewall issues. Start with step 1.

Change the filtering mode of the ESET Firewall

  1. Open the main program window of your ESET Windows product.

  2. Press the F5 key to open Advanced setup.

  3. Click Network Protection → Firewall. Select your desired filtering mode from the Filtering mode drop-down menu and click OK to save your changes. Continue to the next section for a summary of each filtering mode.

Figure 1-1

Explanation of filtering modes

The filtering mode influences the behavior of the firewall and the level of user interaction required. The filtering modes for the ESET firewall are listed below:

Automatic mode — The default mode for easy and convenient use. Custom, user-defined rules can be created but are not required. Automatic mode enables all outbound traffic for a given system and blocks most inbound traffic. Allowed inbound traffic includes traffic from the Trusted Zone, as specified in IDS and advanced options, and inbound traffic responding to recent outbound communications.

Interactive mode — Custom configuration mode. Network communication is handled according to pre-defined rules. If there are no pre-existing rules that apply to a detected communication, the user will be prompted to allow or deny the connection. The decision to allow or deny can be saved as a new rule for the firewall. When a new rule is created, all future connections of this type will be allowed or blocked according to that rule. Using Interactive mode, the user will be able to create a customized group of rules.

This mode is not intended for prolonged use. We recommend that you disable Interactive mode after you have established a set of rules for use in your environment. Use caution when choosing Interactive mode in a corporate environment because inattentive users can accidentally create rules that might expose them to risk or hinder their ability to communicate over the network.

Policy-based mode — A mode for advanced users. Network communication is handled according to user-defined rules that grant only desired and secure connections. All other unspecified connections will be blocked by the firewall. We recommend that you only select Policy-based mode if you are an administrator who intends to control network communication and you know which applications should be allowed or denied.

Learning mode — Automatically creates and saves rules; this mode is suitable for the initial configuration of the firewall. No user interaction is required since the ESET firewall saves rules according to pre-defined parameters. Learning mode should only be used until all rules for required communications have been created to avoid security risks. The firewall should then be set to Automatic mode or Policy-based mode.
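
The following simplified model is an added example, not ESET code. It shows how each filtering mode treats a connection that no rule covers, and why rules saved in Learning mode should be reviewed before switching to Policy-based mode. The class and function names, the rule key (application, direction, remote address) and the behavior of Learning mode as "save an allow rule for every new connection" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Conn:
    app: str
    direction: str               # "in" or "out"
    remote: str
    trusted_zone: bool = False   # remote address belongs to the Trusted Zone
    reply: bool = False          # inbound answer to a recent outbound connection

@dataclass
class Firewall:
    mode: str                    # "automatic", "interactive", "policy" or "learning"
    rules: dict = field(default_factory=dict)  # (app, direction, remote) -> verdict

    def decide(self, c, ask=None):
        key = (c.app, c.direction, c.remote)
        if key in self.rules:            # simplification: a saved rule wins in every mode
            return self.rules[key]
        if self.mode == "automatic":     # all outbound, only trusted or reply inbound
            ok = c.direction == "out" or c.trusted_zone or c.reply
            return "allow" if ok else "block"
        if self.mode == "policy":        # anything without a rule is blocked
            return "block"
        if self.mode == "learning":      # assumption: each new connection becomes an allow rule
            self.rules[key] = "allow"
            return "allow"
        if self.mode == "interactive":   # no rule: prompt, optionally save the answer
            verdict, remember = ask(c)
            if remember:
                self.rules[key] = verdict
            return verdict
        raise ValueError(f"unknown mode: {self.mode}")

def learn_then_lock_down(traffic):
    """Run Learning mode over traffic, then switch to Policy-based mode."""
    fw = Firewall("learning")
    for c in traffic:
        fw.decide(c)
    fw.mode = "policy"
    return fw

def inbound_allow_rules(fw):
    """Saved rules worth reviewing before Learning mode's output is trusted."""
    return sorted(k for k, v in fw.rules.items() if v == "allow" and k[1] == "in")

# Constructed sample traffic (documentation address ranges).
SAMPLE = [Conn("browser.exe", "out", "203.0.113.10"),
          Conn("browser.exe", "in", "203.0.113.10", reply=True),
          Conn("unknown.exe", "in", "198.51.100.7")]
```

In this model the unsolicited inbound connection from unknown.exe is blocked in Automatic mode, but once Learning mode has seen it, the saved rule keeps allowing it after the switch to Policy-based mode.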