Allow User to change Firewall Setting

New Contributor III

Hi, It seems we are unable to do this, since upgrading 10.15.5 some users are unable to change their firewall settings. The option is greyed out. We would like to give users the ability to turn on and off the FW for development.



Honored Contributor II

You've likely installed a configuration profile with the Security & Privacy payload to the Mac — probably to enable FileVault. Edit your profile to enable the firewall and update your Macs. That should take care of it.

New Contributor

We're having a similar issue. If we enable the firewall, the users cannot allow apps through it (it's greyed out).


New Contributor II
New Contributor II

The way of Configuration Profiles works is that once you establish a setting with a configuration profile, the user cannot change anything on that particular setting, in this case firewall. If you enabled Firewall with a CF, the user cannot modify any of the other settings in the Firewall Pane

Contributor II

Victor is correct. Configuration profiles act very much like Active Directory Group Policies. Once they are set, the settings are centrally managed by IT and cannot be changed by the end user. If you have a group of developers you'll have to exempt their machines from your Firewall policy scope so that they can turn it on and off themselves.

macOS should automatically add 'signed' software to its application firewall list if they require incoming connections. It may also prompt the end user to ask if they want to allow the program to recieve incoming connections. If they say yes, it will auto add the program.

Jamf Pros current security and privacy configuration profile payload has over 13 settings in it O_o? One of which is the Application Firewall setting. If you didn't set this, the interface will be greyed out and the firewall will remain off.