With Falcon Firewall Management, you can create firewall rules, rule groups, and polices to precisely define what network traffic is allowed and blocked. When enforced, Falcon’s firewall policies override the firewall settings on each assigned host.
- Rules: Individual firewall rules define precise network traffic that is allowed or blocked and whether you want to see associated events in the console.
- Rule Groups: Firewall rules are created and organized within firewall rule groups. You may choose to start with an empty group and build it out, or start with a CrowdStrike preset rule group, a collection of core rules that you can edit for your needs. You may also start a new rule group by copying one of your own groups to edit as needed. Rules are enforced in the precedence order you define in their rule group.
- Policies: Firewall rule groups organize your firewall rules so that they can be easily assigned to firewall policies. A firewall policy is then configured to allow or block any remaining incoming and outgoing network traffic that is not defined by its assigned rules.