Category Filter

How to Configure Firewall for Mac?

The connections between your network ports and applications on your computer can be allowed or blocked by configuring Firewall for macOS with Hexnode MDM. Firewall can obstruct a third party from exploiting the applications on your device. It helps protect your Mac from security attacks by creating a barrier between the internal and external networks. A Firewall obstructs all unauthorized incoming connections from the internet before it reaches the application without hindering the outgoing connections and network access. Mac Firewalls are most essentially useful if the device is connected to a public network as chances of vulnerability are high in such situations. It’s a good idea to make use of the firewall before accessing a public network.

Turning on Firewall in Mac

To turn on Firewall using Hexnode MDM,
 

  1. Navigate to Policies tab in Hexnode MDM console.
  2. Continue with an existing policy or create a new one by clicking on New Policy. Provide a policy name and description if you are creating a new policy.
  3. From macOS > Security, choose Firewall. Click Configure.
  4. Click Enable Firewall.

turning the firewall on with hexnode mdm
Notes:

  • The Firewall cannot be turned off from your Mac device either by removing your device from the Policy Targets or by deleting the associated policy. Instead, you can do it manually by changing the device settings from your Mac.
  • Go to System Preferences > Security & Privacy > Turn Off Firewall > Click the lock to prevent further changes in the system settings.

Enable Stealth Mode

Are you worried about security attackers scanning the ports of your Mac or pinging your machine on the internet? Don’t panic. You can easily prevent others from discovering your Mac just by checking the Enable Stealth Mode option using Hexnode MDM.

Enabling Stealth Mode blocks the Mac from responding to probing requests. The incoming requests for authorized apps are still acknowledged by the Mac while unexpected requests such as ICMP (ping) and connection attempts from closed TCP or UDP network are disregarded.

It is recommended not to enable stealth mode off if the device does not get connected frequently to external networks.
 
Enable firewall and stealth mode on macOS

Following steps will outline how to enable Stealth Mode using Hexnode MDM.

  1. Go to the Firewall policy for macOS and click Configure.
  2. Click Enable Firewall.
  3. Check the Enable stealth mode option.

stealth mode enabled on macOS system settings
Note:

If you enable Stealth Mode from the Hexnode MDM console, the users will not be able to manually turn off Firewall from their Mac’s system preferences unless you remove the devices from the associated policy or delete the concerned policy.

Block all incoming connections

Blocks all incoming network connections except those required for basic internet services, such as DHCP, Bonjour, and IPSec. The sharing services like file sharing and screen sharing are also blocked. This firewall setting is not recommended, as it highly hinders your activities with your machine.
 
How to Configure Firewall for Mac with Hexnode MDM?

Here are the steps to block all incoming connections.

  1. Go to the Firewall policy for macOS and click Configure.
  2. Click Enable Firewall.
  3. Check Block all incoming connections.

Block all incoming connections to the system from the internet
Note:

If you block all incoming connections using Hexnode MDM, the users will not be able to manually turn off Firewall from their Mac devices unless you remove the devices from the associated policy or delete the concerned policy.

Allow/block incoming connections to specific applications

You can follow these steps to allow/block incoming connections to your desired apps.

  1. Go to the Firewall policy for macOS and click Configure.
  2. Click Enable Firewall.
  3. Click on Allow incoming connections or Block incoming connections as per your requirement.

To add apps,

Click on +Add app > Choose the desired apps > click Done.

If you think that you no longer need some of the apps listed here, you can easily remove them just by clicking the Delete button. You can also choose the Remove all option to discard the selection of all apps.

Allow or block incoming connections to apps
Notes:

  • The list of blocked apps won’t be removed from your Mac device either by removing your device from the Policy Targets or by deleting the associated policy. Instead, you can do it manually from your Mac’s device settings.
  • Go to System Preferences > Security & Privacy > Firewall Options > Select the apps to be unblocked > Click button > Click Ok > Click the lock to prevent further changes.

Associate policy with macOS devices

If you’ve not saved the policy yet, you can

  1. Go to Policy Targets.
  2. Click on + Add Devices.
  3. Choose the devices with which the policy needs to be associated.
  4. Click OK when you are done adding the devices.

You can also associate policies with device groups, users, user groups or domains from the left pane underneath the Policy Targets tab.

If you are on a page that lists the policies,

  1. Check a policy.
  2. From Manage, select Associate Targets.
  3. Select the required devices and click Associate.