How to Configure Firewall for Mac?

The connections between your network ports and applications on your computer can be allowed or blocked by configuring Firewall for macOS with Hexnode UEM. Firewall can obstruct a third party from exploiting the applications on your device. It helps protect your Mac from security attacks by creating a barrier between the internal and external networks. A Firewall obstructs all unauthorized incoming connections from the internet before it reaches the application without hindering the outgoing connections and network access. Mac Firewalls are most essentially useful if the device is connected to a public network as chances of vulnerability are high in such situations. It’s a good idea to make use of the Firewall before accessing a public network.

Turning on Firewall in Mac

To turn on Firewall using Hexnode UEM,
 

1. Navigate to the Policies tab on the Hexnode MDM console.
2. Continue with an existing policy or create a new one by clicking on New Policy. Provide a policy name and description if you are creating a new policy.
3. From macOS > Security, choose Firewall. Click Configure.
4. Click Enable Firewall.

Enable Stealth Mode

Are you worried about security attackers scanning the ports of your Mac or pinging your machine on the internet? Don’t panic. You can easily prevent others from discovering your Mac just by checking the Enable Stealth Mode option using Hexnode UEM.

Enabling Stealth Mode blocks the Mac from responding to probing requests. The incoming requests for authorized apps are still acknowledged by the Mac, while unexpected requests such as ICMP (ping) and connection attempts from closed TCP or UDP network are disregarded.

It is recommended not to enable stealth mode off if the device does not get connected frequently to external networks.
 

The following steps will outline how to enable Stealth Mode using Hexnode UEM.

1. Go to the Firewall policy for macOS and click Configure.
2. Click Enable Firewall.
3. Check the Enable stealth mode option.

Block all incoming connections

Blocks all incoming network connections except those required for basic internet services, such as DHCP, Bonjour, and IPSec. The sharing services like file sharing and screen sharing are also blocked. This firewall setting is not recommended, as it highly hinders your activities with your machine.
 

Here are the steps to block all incoming connections.

1. Go to the Firewall policy for macOS and click Configure.
2. Click Enable Firewall.
3. Check Block all incoming connections.

Allow/block incoming connections to specific applications

You can follow these steps to allow/block incoming connections to your desired apps.

1. Go to the Firewall policy for macOS and click Configure.
2. Click Enable Firewall.
3. Click on Allow incoming connections or Block incoming connections as per your requirement.

To add apps,

Click on +Add app > Choose the desired apps > click Done.

If you think that you no longer need some of the apps listed here, you can easily remove them just by clicking the Delete button. You can also choose the Remove all option to discard the selection of all apps.

Associate policy with macOS devices

If you’ve not saved the policy yet, you can

1. Go to Policy Targets.
2. Click on + Add Devices.
3. Choose the devices with which the policy needs to be associated.
4. Click OK when you are done adding the devices.

You can also associate policies with device groups, users, user groups, or domains from the left pane underneath the Policy Targets tab.

If you are on a page that lists the policies,

1. Check a policy.
2. From Manage, select Associate Targets.
3. Select the required devices and click Associate.

What happens at the device end?

Once the policy is associated, users will not be able to modify the Firewall settings under System Preferences > Security & Privacy. The settings as configured in the policy will be enforced.