Allow User to change Firewall Setting

j_allenbrand
Contributor

Hi, It seems we are unable to do this, since upgrading 10.15.5 some users are unable to change their firewall settings. The option is greyed out. We would like to give users the ability to turn on and off the FW for development.

a5d2cbdacfda4c428cc48c23223491eb

4 REPLIES 4

talkingmoose
Moderator
Moderator

You've likely installed a configuration profile with the Security & Privacy payload to the Mac — probably to enable FileVault. Edit your profile to enable the firewall and update your Macs. That should take care of it.

im-at-sc
New Contributor

We're having a similar issue. If we enable the firewall, the users cannot allow apps through it (it's greyed out).

2a624b9c0be84cabbf1907dbc201b2dc

Victor_Barrera
New Contributor II
New Contributor II

The way of Configuration Profiles works is that once you establish a setting with a configuration profile, the user cannot change anything on that particular setting, in this case firewall. If you enabled Firewall with a CF, the user cannot modify any of the other settings in the Firewall Pane

snowfox
Contributor III

Victor is correct. Configuration profiles act very much like Active Directory Group Policies. Once they are set, the settings are centrally managed by IT and cannot be changed by the end user. If you have a group of developers you'll have to exempt their machines from your Firewall policy scope so that they can turn it on and off themselves.

macOS should automatically add 'signed' software to its application firewall list if they require incoming connections. It may also prompt the end user to ask if they want to allow the program to recieve incoming connections. If they say yes, it will auto add the program.

Jamf Pros current security and privacy configuration profile payload has over 13 settings in it O_o? One of which is the Application Firewall setting. If you didn't set this, the interface will be greyed out and the firewall will remain off.