HarfangLab EPP: Professional Firewall
A closer look at how our EPP’s firewall works.

A firewall to apply network policies directly on endpoints
The firewall included in HarfangLab’s EPP aims to secure traffic by applying network protection policies directly on the endpoints.
It is independent of the operating system's built-in firewall (for instance Microsoft Defender Firewall on Windows) and filters network connections on the basis of IP addresses, ports, protocols, and so on.
Adaptability to your specific context at the heart of our firewall
The firewall policies enable a firewall profile to be associated with endpoints, i.e. a set of filtering rules applied to network connections, based on:
- Network protocol (IPv4 / IPv6 and/or TCP / UDP / ICMP),
- Direction (inbound, outbound, or both),
- Local host, i.e. the protected endpoint itself (single IP address / range / CIDR, port, and/or application),
- Remote host, i.e. the other party to the connection with the protected endpoint (single IP address / range / CIDR or FQDN, and/or port).
When different firewall profiles must be applied dynamically within a complex corporate network (e.g. roaming endpoints, or a server connected to several networks at once), HarfangLab's EPP firewall lets you define network zones from parameters such as the network interface type and the associated IP address, and choose in the firewall policy which profile applies in which zone.
These firewall policies are then associated with endpoint policies, unifying all configuration elements in the console.
Incoming and outgoing network connections are filtered using rules configured and administered directly from the HarfangLab console.

EPP users can define different configurations for the same endpoint, and these apply dynamically depending on the context in which the endpoint connects (corporate network, VPN, private network…).
In addition, HarfangLab's firewall lets you define rules specific to a given application on a protected endpoint, or to a remote FQDN.
These options are designed, for example, to maintain connectivity to a service whose IP address is unknown or changes over time.

An EPP that includes firewall features and can automatically neutralize known cyber threats reduces the workload of cybersecurity analysts and lets them focus on in-depth exploration of the data gathered by an EDR.
All information and the management of security tools are then centralized in a single platform, making it easier to monitor the information system and to manage attack prevention.
This saves significant time and improves performance compared with using scattered tools and managing data from heterogeneous sources.

Let’s take the case of a factory with critical equipment that must never be shut down.
These machines are controlled by EPP-protected servers that require a very high level of network protection: the servers are not connected to the Internet, and only SSH connections from workstations are authorized to manage them.
A database server also connects to these servers to retrieve data for use on the business teams' workstations; it has no Internet connection either, but it is reachable from workstations that are connected to the Internet.
The firewall is then configured from an addressing plan that grants or restricts access to servers and workstations according to their network zone and to the type of connection (corporate network or Internet).
Two firewall profiles can then be defined, one for the factory and one for the offices, together with two network zones derived from the addressing plan, so that the right profile is applied to each endpoint according to the zone it is currently in.
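To make the rule attributes listed earlier (protocol, direction, local host with port and application, remote host with CIDR or FQDN and port) and the zone-to-profile selection of this factory scenario concrete, here is an added, self-contained model written for this page. It is not HarfangLab's engine, data model or configuration format: the class names, the addressing plan (10.10.0.0/16 factory, 10.20.0.0/16 offices, 10.20.1.0/24 admin workstations, 10.20.2.10 database server), the database port 5432, the FQDN erp.example.internal on port 8443 and the process name "ssh" are all assumptions chosen for illustration, and the connection attempts are constructed.

```python
from collections import namedtuple
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional, Set

# Constructed model of zone-based firewall profiles. The rule attributes follow
# the page's list; the data model, ports and addressing plan are assumptions.

@dataclass
class Host:                     # one side of a connection; None = any
    net: Optional[str] = None   # single IP or CIDR
    port: Optional[int] = None
    app: Optional[str] = None   # process name, meaningful for the local (protected) side
    fqdn: Optional[str] = None  # meaningful for the remote side, checked via name resolution

@dataclass
class Rule:
    action: str                 # "allow" or "deny"
    protos: frozenset           # e.g. {"tcp"}; empty = any
    direction: str              # "in", "out" or "both"
    local: Host = field(default_factory=Host)
    remote: Host = field(default_factory=Host)

@dataclass
class Profile:
    rules: List[Rule]           # first match wins
    default: str = "deny"       # default-deny: unmatched traffic is dropped

# A zone matches an endpoint by interface type and/or interface address (empty = any).
Zone = namedtuple("Zone", "name iface_types nets")
# A connection as seen from the protected endpoint; direction is "in" or "out".
Conn = namedtuple("Conn", "proto direction local_ip local_port remote_ip remote_port app",
                  defaults=[""])

def in_net(ip, net):
    return net is None or ip_address(ip) in ip_network(net, strict=False)

def side_matches(h: Host, ip, port, app, resolve) -> bool:
    if not in_net(ip, h.net) or (h.port is not None and h.port != port):
        return False
    if h.app is not None and h.app != app:
        return False
    # An FQDN rule only admits the peer if the name currently resolves to its address.
    return h.fqdn is None or ip in resolve(h.fqdn)

def rule_matches(r: Rule, c: Conn, resolve) -> bool:
    return ((not r.protos or c.proto in r.protos)
            and r.direction in ("both", c.direction)
            and side_matches(r.local, c.local_ip, c.local_port, c.app, resolve)
            and side_matches(r.remote, c.remote_ip, c.remote_port, c.app, resolve))

def zone_for(zones: List[Zone], iface_type, iface_ip) -> Optional[Zone]:
    """First zone whose interface-type and address constraints both hold."""
    for z in zones:
        if (not z.iface_types or iface_type in z.iface_types) and \
           (not z.nets or any(in_net(iface_ip, n) for n in z.nets)):
            return z
    return None

def evaluate(policy: Dict[str, Profile], zones, iface_type, iface_ip, c: Conn,
             resolve: Callable[[str], Set[str]] = lambda n: set()) -> str:
    """Profile for the endpoint's current zone, then first matching rule; fail closed."""
    z = zone_for(zones, iface_type, iface_ip)
    if z is None or z.name not in policy:
        return "deny"
    p = policy[z.name]
    return next((r.action for r in p.rules if rule_matches(r, c, resolve)), p.default)

# Constructed addressing plan for the factory scenario (not from the page).
FACTORY, OFFICES, ADMIN_WS, DB_SERVER = "10.10.0.0/16", "10.20.0.0/16", "10.20.1.0/24", "10.20.2.10"
TCP = frozenset({"tcp"})
ZONES = [Zone("factory", frozenset({"ethernet"}), (FACTORY,)), Zone("office", frozenset(), (OFFICES,))]
POLICY = {
    "factory": Profile([   # servers: SSH from admin workstations, database pulls (port assumed), nothing else
        Rule("allow", TCP, "in", Host(port=22), Host(net=ADMIN_WS)),
        Rule("allow", TCP, "in", Host(port=5432), Host(net=DB_SERVER)),
    ]),
    "office": Profile([    # workstations: SSH to the factory from admin machines, an FQDN service, Internet HTTPS
        Rule("allow", TCP, "out", Host(net=ADMIN_WS, app="ssh"), Host(net=FACTORY, port=22)),
        Rule("allow", TCP, "out", Host(), Host(fqdn="erp.example.internal", port=8443)),
        Rule("allow", TCP, "out", Host(), Host(port=443)),
    ]),
}

def run_scenario() -> Dict[str, str]:
    """Constructed connection attempts evaluated against POLICY; returns name -> decision."""
    dns = {"erp.example.internal": {"10.20.2.20"}}   # constructed resolver table
    resolve = lambda name: dns.get(name, set())
    srv, ws = "10.10.0.5", "10.20.1.7"
    cases = {
        "admin_ssh_to_server":     ("ethernet", srv, Conn("tcp", "in", srv, 22, ws, 51000)),
        "other_ws_ssh_to_server":  ("ethernet", srv, Conn("tcp", "in", srv, 22, "10.20.5.9", 51001)),
        "server_to_internet":      ("ethernet", srv, Conn("tcp", "out", srv, 40000, "203.0.113.1", 443)),
        "server_seen_on_wifi":     ("wifi", srv, Conn("tcp", "in", srv, 22, ws, 51002)),
        "admin_ws_ssh_to_factory": ("wifi", ws, Conn("tcp", "out", ws, 51003, srv, 22, app="ssh")),
        "ws_erp_current_address":  ("wifi", ws, Conn("tcp", "out", ws, 51004, "10.20.2.20", 8443)),
        "ws_erp_stale_address":    ("wifi", ws, Conn("tcp", "out", ws, 51005, "10.20.2.21", 8443)),
    }
    return {k: evaluate(POLICY, ZONES, t, ip, c, resolve) for k, (t, ip, c) in cases.items()}
```

Two design choices in this model are the ones a practitioner should look for in any endpoint firewall policy. First, the profile and the zone lookup both fail closed: an endpoint whose interface does not match any configured zone gets no profile and therefore "deny", and a profile with no matching rule falls through to its default rather than to the host's previous state. Second, an FQDN rule is only as good as the name resolution behind it: the "ws_erp_stale_address" case is refused because the peer address no longer matches what the name resolves to, which is exactly the behaviour you want for a service whose IP changes, but it also means a DNS outage or a poisoned answer changes what the rule admits.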