Firewall management methodology

LaMantia
New Contributor III

Hello!

We currently do not enforce the firewall on macOS but will be doing so shortly. A few questions. 1. What is the industry trend? I assume it’s locking down ALF with a configuration profile and not with PF.

  1. If ALF, what is the best method to manage rules and exceptions? We do this via on-prem AD GPO on Windows devices.

Any thoughts or insights? I’ve been researching a lot but coming up with little. Thank you in advance for ANY info.

5 REPLIES

LaMantia
New Contributor III

Formatting got funky but there are two main questions.

  1. What is the industry trend? I assume it’s locking down ALF with a configuration profile and not with PF.

  2. If ALF, what is the best method to manage rules and exceptions? We do this via on-prem AD GPO on Windows devices.

patgmac
Contributor III

We enable the firewall; we don't manage rules or exceptions. Our users are admins, so they can add their own rules.

LaMantia
New Contributor III

Thanks for the info @patgmac. Anybody centrally manage the firewall?

wyip
Contributor

We're managing rules/exceptions with pf through Jamf. ALF does not really allow you to set up traditional firewall rules or handle exceptions; it only controls whether applications will allow inbound connections or not. Check out Jason Miller's talk on pf at Macadmins 2016 to get a good overview of pf on macOS.

pf has its limitations but compared to some of the third party endpoint security/firewall solutions I've had to support on Macs, it's so much simpler to manage.

tlarkin
Honored Contributor

We just enable the FW via config profile and enable both strict and silent mode, so it just blocks all incoming connections. Makes it easy.
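
An added example, not code from any poster in this thread: a Python sketch that builds the kind of ALF configuration profile discussed above (Apple's `com.apple.security.firewall` payload) and audits a profile against that baseline. It assumes the "strict" and "silent" settings mentioned in the thread map to the `BlockAllIncoming` and `EnableStealthMode` keys; the identifier `com.example.baseline` and the bundle IDs are placeholders.

```python
import plistlib
import uuid

FIREWALL_PAYLOAD_TYPE = "com.apple.security.firewall"

def build_firewall_profile(org_id, block_all=True, stealth=True, app_rules=None):
    """Return .mobileconfig bytes that enable ALF.

    app_rules maps bundle ID -> True (allow inbound) or False (block inbound),
    which is the only kind of "rule" ALF supports.
    """
    firewall = {
        "PayloadType": FIREWALL_PAYLOAD_TYPE,
        "PayloadIdentifier": f"{org_id}.firewall",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "EnableFirewall": True,
        "BlockAllIncoming": block_all,
        "EnableStealthMode": stealth,
    }
    if app_rules:
        firewall["Applications"] = [
            {"BundleID": bid, "Allowed": ok} for bid, ok in sorted(app_rules.items())
        ]
    profile = {
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Application Firewall",
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadContent": [firewall],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

def audit_firewall_profile(data):
    """Return findings for a profile; an empty list means it meets the baseline."""
    payloads = [p for p in plistlib.loads(data).get("PayloadContent", [])
                if p.get("PayloadType") == FIREWALL_PAYLOAD_TYPE]
    if not payloads:
        return ["no firewall payload"]
    fw, findings = payloads[0], []
    for key in ("EnableFirewall", "BlockAllIncoming", "EnableStealthMode"):
        if fw.get(key) is not True:
            findings.append(f"{key} is not true")
    # Per-app allowances do nothing once all incoming connections are blocked.
    if fw.get("BlockAllIncoming") and any(a.get("Allowed") for a in fw.get("Applications", [])):
        findings.append("Applications entries have no effect while BlockAllIncoming is true")
    return findings
```

The bytes returned by `build_firewall_profile` can be written to a `.mobileconfig` file and uploaded to the MDM; the audit function is useful for checking exported profiles before deployment.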