Firewall Settings

The Firewall settings enforce firewall rules that block unauthorized access to the network.

The following table describes the firewall rules that you can configure for a device:
Policy setting Description Supported devices
Configure firewall block rules Firewall rules that block traffic on a device to and from a specific network location.

You can block traffic for the entire device or for specific apps on the device.

Options are:
  • Hostname: The IP address, IP range (for example, 100.0.0.0-100.0.0.10), or domain name that is blocked from sending and receiving traffic to the device. Use * to block all IP addresses.
  • Port: The port number or range of blocked ports. (For example, 8080-8085). Use * to block all ports.

    Note: Values such as 80* are not supported. Use the port range instead.

  • Port location: The port options that are defined in the block rules:
    • local port (device-level)
    • remote port
    • all ports

    For example, to block port 21 (FTP) on the device from receiving connections, you must block Local Port 21. Local ports are ports on the device.

  • Package name: The app name that contains the internet permissions.
  • Network interface: The network mode that is defined in the block rules:
    • Wi-Fi
    • Mobile Data
    • both
Samsung Knox with DO
Configure domain filtering rules This firewall rule blocks a specific domain from sending traffic to the device. This firewall rule also prevents the device from receiving traffic from a domain that is defined in the domain filter rules.

You can block traffic for the entire device or for specific apps on the device.

Samsung Knox with DO
Configure reroute rules This firewall rule redirects traffic to another destination such as a proxy server.

Options are:

  • Hostname of target: The IP address, IP range (for example, 100.0.0.0-100.0.0.10), or domain name of the device attempting to hit a target location.
  • Port for target: The port number or range of ports that reroute traffic. (For example, 8080-8085). Use * to use all ports.

    Note: Values such as 80* are not supported. Use the port range instead.

  • Hostname of destination: The host name (IP address) of the reroute destination.
  • Port for destination: The port number of the reroute destination.
  • Package name: The app name that contains the internet permissions.
  • Network interface: The network mode that is defined in the reroute rules:
    • Wi-Fi
    • Mobile Data
    • both
Samsung Knox with DO
Configure redirect exceptions This firewall rule contains redirect exceptions. This firewall rule takes precedence over reroute rules.
Options are:
  • IP address: The IP address or IP range (for example, 100.0.0.0-100.0.0.10). Use * to include all IP addresses in the redirect exception.

    Note: Values such as 100.0.0.* are not supported. Use the port range instead.

  • Port: The port number or range of ports that are used to redirect traffic. (For example, 8080-8085). Use * to use all ports in the redirect exceptions.

    Note: Values such as 80* are not supported. Use the port range instead.

Samsung Knox with DO