I've been tasked with some CIS recommendations for our Apple estate.
I am currently mulling over the firewall parts of this. Do you guys enable firewalls in your estate? It seems like a no-brainer, but this isn't Windows and I don't know how much it really helps on the Mac side. There are a lot fewer programs actively listening for ports and connections.
Also with that, if I implement it now, what programs would it break? How do you guys handle this? Do you find it's good to have one, or not worth it?
We use two scripts to configure the in-built application firewall. The first enables it and sets the relevant options: https://github.com/UoE-macOS/jss/blob/master/coreconfig-application-firewall.sh
The second adds exceptions for apps which require access: https://github.com/UoE-macOS/jss/blob/master/coreconfig-application-firewall-add-exception.sh
In our environment there are three main applications which need access: Maple, Matlab and SPSS. These all use network-based licensing, so this isn't necessarily a surprise.
The question to me is why would you not turn it on and enforce it being on? I always report on it using an EA and make sure it gets turned back on if somehow it goes off.
I have found profiles don't always turn it on, so a script is required initially, but a profile stops it going off in my experience.
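To make the two approaches above concrete (the enable-plus-exceptions scripts in the first reply, and the report-and-remediate extension attribute in the second), here is an added example. It is not from this thread and not the UoE scripts linked above; it assumes the stock `/usr/libexec/ApplicationFirewall/socketfilterfw` binary, that the script runs as root, that the Jamf `<result>…</result>` extension-attribute convention is in use, and that any app path passed to `add_exception` exists. Parsing is kept in separate functions so the compliance logic can be checked without a Mac.

```shell
#!/bin/bash
# Added example: application-firewall EA check, remediation and exception helper.
# Assumptions (not from the thread): socketfilterfw at the path below, run as root.
SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Map the globalstate integer (same values stored under
# /Library/Preferences/com.apple.alf globalstate) to a label:
# 0 = off, 1 = on (allow specific services/apps), 2 = on, block all incoming.
globalstate_label() {
    case "$1" in
        0) echo "off" ;;
        1) echo "on" ;;
        2) echo "block-all" ;;
        *) echo "unknown" ;;
    esac
}

# Extract the numeric state from the text socketfilterfw --getglobalstate prints,
# e.g. "Firewall is enabled. (State = 1)", so callers never match on wording.
state_from_output() {
    printf '%s\n' "$1" | sed -n 's/.*(State = \([0-9]\)).*/\1/p' | head -n 1
}

# Compliance decision used for the EA result: anything other than off is compliant.
is_compliant() {
    case "$(globalstate_label "$1")" in
        on|block-all) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the live state on macOS; fails (return 1) when socketfilterfw is absent.
current_state() {
    [ -x "$SFW" ] || return 1
    state_from_output "$("$SFW" --getglobalstate 2>/dev/null)"
}

# Remediation: turn the firewall on, log blocked connections, keep stealth mode on.
# Every call is idempotent, so this is safe as a recurring policy.
ensure_enabled() {
    [ -x "$SFW" ] || { echo "socketfilterfw not found; not macOS?" >&2; return 1; }
    "$SFW" --setglobalstate on >/dev/null
    "$SFW" --setloggingmode on >/dev/null
    "$SFW" --setstealthmode on >/dev/null
}

# Exception for a network-licensed app (the Maple/Matlab/SPSS case above):
# register the bundle with the firewall and explicitly unblock it.
add_exception() {
    app="$1"
    [ -e "$app" ] || { echo "no such app: $app" >&2; return 1; }
    "$SFW" --add "$app" >/dev/null
    "$SFW" --unblockapp "$app" >/dev/null
}

# EA entry point: print a Jamf-style <result> line; remediate when non-compliant.
report_and_remediate() {
    state="$(current_state)" || { echo "<result>not-applicable</result>"; return 0; }
    if is_compliant "$state"; then
        echo "<result>$(globalstate_label "$state")</result>"
    else
        ensure_enabled
        echo "<result>remediated from $(globalstate_label "$state")</result>"
    fi
}

# Run the check when executed directly; set FIREWALL_LIB_ONLY=1 to only load the functions.
[ "${FIREWALL_LIB_ONLY:-0}" = 1 ] || report_and_remediate
```

Deploying this as both the extension attribute and the remediation policy closes the loop described in the last reply: the EA reports `off`, `on` or `block-all`, and a machine that has drifted to `off` is switched back on in the same run, so the next inventory shows it compliant. For the exceptions, call `add_exception "/Applications/MATLAB_R20xx.app"` (path is a placeholder) once per licensed app after `ensure_enabled`.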