Applicable for: Windows
Information provided in this article helps you configure the Smart Firewall settings in your Norton product. You can find instructions to:
Add, modify, disable, or remove firewall rules
Change the order of firewall rules
Configure Internet access settings for programs
Set network exceptions while connected to a public network
Unblock devices that are blocked by Norton
Configure Wi-Fi security settings for wireless networks
Important:
We recommend you modify your firewall rules only if absolutely necessary. In most cases, Smart Firewall formulates optimal rules without your input.
Do not modify or remove firewall rules unless you are an advanced user. Removing a firewall rule can affect firewall functionality and reduce your computer's security.
The General settings let you configure Automatic Program Control and Automatic Network Control, specify Public Network Exceptions, unblock devices that Norton blocks, configure Wi-Fi security settings to handle common network threats, and help restore the default Smart Firewall settings. Click the links below to learn more about each setting.
The Automatic Program Control feature automatically configures Internet access settings for web-enabled programs the first time they run. Automatic Program Control creates a rule when a program attempts to access the Internet for the first time. You can modify the Program rule in the Program Control tab.
Automatic Program Control configures network access only for the versions of programs that Norton recognizes as safe. Norton blocks any infected program that attempts to access the Internet, regardless of whether Automatic Program Control is turned on or off, and then notifies you that the application has been blocked.
You can choose how you want Automatic Program Control to manage Internet access for new programs:
Smart Mode: Allows Norton to make decisions automatically when new programs receive inbound or outbound traffic. When you select this option, Norton does not prompt you with any firewall alerts.
Block: Blocks all Internet connections for new programs.
Allow: Allows all Internet connections for new programs.
Ask: If you select this option, you must manually specify the Internet access settings for all new programs in the firewall alerts.
We recommend that the Automatic Program Control feature remains set to Smart Mode. By setting it to Allow or Block, you might make an incorrect decision that can allow malicious programs or block critical Internet programs and functions.
Smart Firewall filters programs based on the programs' reputation data collected from the user base of Norton. If a program's reputation data is unknown, the program is considered a Low Risk Application. You can configure Smart Firewall to filter Low Risk Applications based on your preference:
Alert if Suspicious: Alerts you when a suspicious Low Risk Application tries to connect to the network. By default, this option is turned on.
Alert Always: Alerts you whenever a Low Risk Application tries to connect to the network.
Smart Firewall has in-built firewall profiles with rules designed for different types of networks. The Automatic Network Control feature automatically selects the firewall profile when your PC connects to new networks.
Smart Mode: Smart Firewall evaluates the network and automatically selects the firewall profile. When you connect to a new network, you are not notified with a firewall alert. However, other firewall alerts remain enabled.
Smart Mode + Notifications: Smart Firewall evaluates the network and automatically selects the firewall profile. Norton notifies you with firewall alerts when it detects a new network.
Windows Settings Mode: Follows the Windows Firewall settings for new network connections. When you select this option, Norton does not prompt you with any firewall alerts.
The Wi-Fi Security feature helps protect you from common network threats. These include MITM attacks, SSL strip attacks, content tampering attacks, ARP spoofing attacks, and DNS spoofing attacks. For more information, see Learn more about Wi-Fi Security.
Smart Firewall monitors the communications between your computer and other computers on the network and helps block suspicious network traffic. Public Network Exceptions help you allow traffic for important Windows-related network activities. Smart Firewall enables or disables these exceptions based on your connected network.
When connected to a Public network, the default configuration of Smart Firewall prevents commonly-used Windows services like file/printer sharing and remote desktops from functioning. If you think Smart Firewall is blocking Windows services, you can configure Public Network Exceptions to allow these Windows services to connect to the network.
You can configure Public Network Exceptions for the following Windows services for Public and Private networks:
Allow incoming file and printer sharing over SMB protocol: Authorizes other PCs in the network to access shared folders and printers on your PC.
Allow incoming remote desktop (RDP) connections: Authorizes other PCs on your network to remotely access and control your PC when the remote desktop service is enabled.
Allow incoming ping and trace requests: Authorizes incoming Internet Control Message Protocol (ICMP). ICMP is typically used by system tools, such as ping or tracert, for diagnostic or control purposes when troubleshooting connectivity issues.
Allow outgoing ping and trace requests: Authorizes outgoing Internet Control Message Protocol (ICMP) messages. ICMP is typically used by system tools, such as ping or tracert commands, for diagnostic or control purposes when troubleshooting connectivity issues.
Allow Domain Name System (DNS) traffic: Authorizes communication with Domain Name Servers, which allows your PC to recognize the IP addresses of the websites you visit.
Allow Dynamic Host Configuration (DHCP) traffic: Authorizes communication using the Dynamic Host Configuration Protocol (DHCP), which automatically assigns an IP address and other network configuration parameters to each device on your network so they can communicate with other networks.
Allow Virtual Private Network (VPN) connections: Authorizes Virtual Private Network (VPN) connections based on a combination of the Layer 2 Tunneling Protocol and Internet Protocol Security.
Allow IGMP traffic: Authorizes multicast communication using the Internet Group Management Protocol (IGMP), which is required by some media streaming services for more efficient use of resources during activities such as video streaming and gaming.
Allow Multicast traffic: Authorizes applications and services to stream media to multiple recipients in a single transmission, which is necessary for activities such as video conferencing.
When Smart Firewall detects a threat in the inbound or outbound connection from a computer, it blocks all traffic from the computer and adds it to the Blocked devices list. If Norton blocks a computer that you need to access, you can unblock it.
If Smart Firewall stops network traffic to a computer that you know is safe, you can restore connections to the computer by removing it from the Blocked list.
Open your Norton device security product.
On the left pane, click Security.
Navigate to Advanced Security > Network > Smart Firewall.
In the General tab, under Additional settings, click Manage devices.
In the Blocked devices window, next to the IP address of the computer you want to unblock, click Unblock > OK.
Click Close.
Your Norton product helps you view and manage your network. A network typically consists of the computers and other devices that share your Internet connection.
Your Norton product automatically detects the networks your computer uses to connect to the Internet and lists them in the Network tab. You can monitor the status of your networks and change the trust level. When you change the trust level of your network, your Norton product assigns the same trust level to all the devices that are connected to that network.
You can set the following network trust levels:
Private: Adds the network to the Private list.
All traffic your computer receives from a Private network is filtered and allowed through Smart Firewall. However, known attacks and infections are still monitored. You should select this setting only when you are sure that the network is completely safe.
When you change the trust level of a network to Private, you let all the devices on the network access your computer's shared resources. Norton monitors incoming traffic for known attacks and infections.
Public: Adds the network to the Public list.
By default, Norton blocks file, folder, media, and printer sharing, and remote desktop connections, with other devices over the network.
To share files, folders, media, and printers, and to set up remote desktop connections with devices over the network, you can configure the Public Network Exceptions setting.
You remain protected from known attacks and all unknown traffic.
Public networks in places like restaurants, shopping malls, and airports are categorized as Public. We recommend not changing the network trust level to Private when connecting your computer to a public network.
Your Norton product automatically adds a program to Program Control when it tries to connect to the Internet or to another network for the first time. For each program listed in Program Control, you can view its name, trust level, Internet usage, and network access setting.
If a program has not yet made a connection attempt, it does not appear in the Program Control because it does not have assigned Program rules yet. You can add such programs manually to Program Control to control their ability to access the Internet. When you add a program, you can configure its access settings. You can allow, block, or create custom rules specific to the program you add.
By default, Program Control lists all the programs. You can use the Filter option to choose and display only the programs you want to view in the Program Control.
For each Program rule that you add or edit, you must configure the following parameters:
Name: Displays the name of the rule. You cannot create a program rule without a name.
Enabled: Indicates the current state of the rule. Yes indicates the rule is enabled. No indicates the rule is disabled.
Action: Indicates the action Smart Firewall takes when applying this rule. Smart Firewall may apply the following actions:
Smart mode: Smart Firewall determines the appropriate action based on the program's trustworthiness.
Allow: Smart Firewall allows the connection attempt.
Block: Smart Firewall blocks the connection attempt.
Ask: Smart Firewall prompts you to manually allow or deny the connection attempt.
Protocol: Indicates the network protocol the rule applies to. Select a protocol from the list. If you are unsure which protocol to select, select All to apply the rule to all protocols.
Direction: Indicates whether the rule applies to incoming connections (In), outgoing connections (Out), or to connections in both directions (In/Out).
Profile: Indicates the network profile. You can choose the profile based on the network you are connected to. If you are unsure about the network profile, select All to apply the rule to public and private networks.
Address: Indicates the source or destination IP address to which the rule applies. The rule may apply to a single IP address, multiple IP addresses (separated by commas), or an IP address range (starting with the lowest IP address and separated with a hyphen). If the field is blank, the rule applies to all IP addresses.
ICMP Type: Indicates the control message (represented by a code number) that the rule applies to. This option is only available for connections based on the Internet Control Message Protocol (ICMP). The rule may apply to a single code number, or multiple codes (separated by commas). The code numbers of control messages are listed in the technical specifications of the ICMP (RFC 792).
Local port: Indicates a network port number on the local IP address of your PC's network interface. The rule may apply for a single port number, multiple ports (separated by commas), or a port range (starting with the lowest port number and separated with a dash). If the field is blank, the rule applies to all local ports.
Remote port: Indicates a network port number on the remote IP address of the external server or device. The rule may apply for a single port number, multiple ports (separated by commas), or a port range (starting with the lowest port number and separated with a dash). If the field is blank, the rule applies to all remote ports.
A program may need to communicate with a specific remote port to function. For example, your web browser usually needs port 443, the default port used for HTTPS (secure HTTP). To verify the remote port required by a particular program, contact the program vendor or refer to the program's support pages.
Reporting: Indicates how any event related to the rule is reported. You can select one of the following:
None: Select this option if you do not want your Norton product to record or notify you about the firewall event related to this rule.
Security History: Creates a log entry of the firewall event in Security History.
Notification: Your Norton product notifies you when a firewall event related to this rule occurs. It also records the event in Security History.
Your Norton product automatically creates default program rules when a program tries to connect to the Internet or to another network for the first time. We recommend that you retain the settings that Smart Firewall makes as and when you run your programs. After you use your Norton product for a while, you might need to change the access settings for certain programs. You can edit existing program rules or add new rules.
From the Program Control tab, you can perform the following actions for any Program rule:
Program Rules are not processed in the order that they appear. However, the rules within each Program Rules entry are processed in order of appearance, from top to bottom.
For example, you have a Program rule for a remote desktop application that blocks the use of the application with any other computer. You add another rule for the same application that allows its use with a specific computer. You then move the new rule before the original rule in the Program rules list. Norton processes the new rule first and lets you use the remote desktop application with that specific computer. It then processes the original rule and prevents the application's use with any other computer.
Add a new rule: Click > Add app rule. Define each of the parameters, then click Save to confirm.
Edit a rule: Click > the pencil icon next to the rule you want to edit. Edit the relevant parameters, then click Save to confirm.
Delete a rule: Click > the X icon next to the rule you want to remove, then click Yes to confirm.
Disable or enable a rule: Click the slider next to a rule to enable or disable it.
View program details: Click > App details. View the details and click Close.
Delete a program: Click > Remove app, then click Remove App to confirm.
The program that you delete is removed from Program Control only. All rules that are associated with the program are also removed.
Change rule order: Click > click and drag the relevant row up or down to adjust the priority of the selected rule.
Open your Norton device security product.
On the left pane, click Security.
Navigate to Advanced Security > Network > Smart Firewall.
In the Smart Firewall window, click the Program Control tab.
Select the program that you want to change.
In the Network access drop-down list, select the access level you want this program to have. Your options are:
Allow: Allow all access attempts by this program.
Block: Deny all access attempts by this program.
Ask: Requests for your permission when this program accesses the Internet.
If the program is not listed in Program Control, click More, and then select Allow new app to allow Internet access or Block new app to deny all access attempts by this program.
The Traffic Rules tab displays a list of predefined firewall rules. You cannot edit, delete, disable, or change these default Traffic rules. Default Traffic rules are locked.
You can add new rules and modify them. You can also turn off a rule by unchecking its check box.
By default, the new rules get added to the bottom of the list. The rules appear in the list in the order of their priority levels. Rules that appear higher in the list override the rules that appear lower in the list. You can reorder the rules in the list.
From the Traffic rules tab, you can perform the following actions for any Traffic rules that are not default rules:
Add a new rule: Click More > Create rule. Define each of the parameters, then click Save to confirm.
Edit a rule: Click the pencil icon next to the rule you want to edit. Edit the relevant parameters, then click Save to confirm.
Delete a rule: Click the X icon next to the rule you want to remove, then click Yes to confirm.
Disable or enable a rule: Click the slider next to the rule to enable or disable it.
Change rule order: Click and drag the relevant row up or down to adjust the priority of the selected rule.
Smart Firewall processes Traffic rules before it processes Program rules. For example, suppose there is a Program rule that allows the Microsoft Edge browser to access the Internet using port 80 with TCP protocol, and a Traffic rule that blocks TCP communication through port 80 for all applications. The Microsoft Edge browser cannot access the Internet, because Norton gives precedence to Traffic rules over Program rules.
Within the list of Traffic rules, rules are processed in order of appearance, from top to bottom. The rule at the top of the table is always applied first. Program Rules are not processed in order. However, the rules within each Program Rules entry are processed in order of appearance, from top to bottom.
Each rule is defined by the following parameters:
Name: Displays the name of the rule.
Profile: Indicates which network profile the rule applies to (Public, Private, or All).
Action: Indicates the action that Firewall takes when this rule is applied. Smart Firewall may Allow or Block the connection attempt.
Protocol: Indicates the network protocol used by the corresponding traffic. One protocol may be selected, or All if the rule applies to all protocols.
Direction: Indicates whether the rule applies to incoming connections (In), outgoing connections (Out), or to connections in both directions (In/Out). For TCP, UDP, or ICMP protocols, this field corresponds to the direction of the first received packet only.
Address: Indicates the source or destination IP address to which the rule applies. The rule may apply to a single IP address, multiple IP addresses (separated by commas), or an IP address range (starting with the lowest IP address and separated with a dash). If the field is blank, the rule applies to all IP addresses.
Local port: Indicates a network port number on the local IP address of your PC's network interface. The rule may apply for a single port number, multiple ports (separated by commas), or a port range (starting with the lowest port number and separated with a dash). If the field is blank, the rule applies to all local ports.
Remote port: Indicates a network port number on the remote IP address of the external server or device. The rule may apply for a single port number, multiple ports (separated by commas), or a port range (starting with the lowest port number and separated with a dash). If the field is blank, the rule applies to all remote ports.
ICMP Type: Indicates the control message (represented by a code number) that the rule applies to. The rule may apply to a single code number, or multiple codes (separated by commas). This option is only available for connections based on the Internet Control Message Protocol (ICMP). The code numbers of control messages are listed in the technical specifications of the ICMP (RFC 792).
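The following Python model is an added example, not part of the Norton product or of this article's original text: it parses the Address and port field syntax described above and evaluates Traffic rules before Program rules, each list from top to bottom. First-match evaluation is an assumption, and the program names, rule names, and IP addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

def port(text):
    value = int(text)
    if not 0 <= value <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    return value

def parse_field(field, convert):
    """Blank field -> None (matches everything); otherwise a list of (low, high) spans
    built from single values, comma-separated values and low-high ranges."""
    if not field.strip():
        return None
    spans = []
    for part in field.split(","):
        low, _, high = part.strip().partition("-")
        lo = convert(low.strip())
        hi = convert(high.strip()) if high else lo
        if type(lo) is not type(hi) or lo > hi:
            raise ValueError(f"range must start with the lowest value: {part!r}")
        spans.append((lo, hi))
    return spans

def covers(spans, value):
    return spans is None or any(
        type(lo) is type(value) and lo <= value <= hi for lo, hi in spans)

@dataclass
class Rule:
    name: str
    action: str                 # "Allow" or "Block"
    protocol: str = "All"
    direction: str = "In/Out"
    address: str = ""           # blank = all IP addresses
    remote_port: str = ""       # blank = all remote ports
    enabled: bool = True

    def matches(self, conn):
        return (self.enabled
                and self.protocol in ("All", conn["protocol"])
                and self.direction in ("In/Out", conn["direction"])
                and covers(parse_field(self.address, ipaddress.ip_address),
                           ipaddress.ip_address(conn["remote_ip"]))
                and covers(parse_field(self.remote_port, port), conn["remote_port"]))

def decide(conn, traffic_rules, program_rules):
    """Traffic rules first, then the connecting program's own rules; each list is read
    top to bottom and the first matching rule decides (assumed first-match model)."""
    lists = (("traffic", traffic_rules),
             ("program", program_rules.get(conn["program"], [])))
    for source, rules in lists:
        for rule in rules:
            if rule.matches(conn):
                return rule.action, f"{source}:{rule.name}"
    return "NoMatch", None

# Constructed rule sets mirroring the article's two examples.
TRAFFIC = [Rule("block-http", "Block", protocol="TCP", remote_port="80")]
PROGRAMS = {
    "msedge.exe": [Rule("edge-web", "Allow", "TCP", "Out", remote_port="80,443")],
    "rdclient.exe": [Rule("rdp-one-host", "Allow", address="192.0.2.10"),
                     Rule("rdp-everyone", "Block")],
}

def conn(program, remote_ip, remote_port, protocol="TCP", direction="Out"):
    return {"program": program, "remote_ip": remote_ip, "remote_port": remote_port,
            "protocol": protocol, "direction": direction}
```

Reversing the two rdclient.exe rules makes the Block rule match first, so the one host that was meant to be allowed is blocked as well; this is why the narrower rule has to sit above the broader one.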