About Policies

Policies are collections of firewall rules and IP Scopes with a common purpose, for instance enabling File and Print-functionality through the firewall. Without policies the configuration of a system would have to be made by adding one rule at a time, a very tedious task. With Policies, many rules can be applied to a collection of servers at a single time. In addition, Policies are used to narrow the scopes of rules to specific IP ranges, see IP scopes in this manual.

Usually, Policies represents a system, such as Intranet, document service, Internet Bank, Exchange/E-mail etc. By using Policies, it becomes easy to work with reports and delegation for a specific system. In addition, nodeProtect becomes a very good place to document which servers belong to a specific system, which comes in handy during incident- and change management.


All Policies View

  • Name: The name of the policy.
  • Type: Displays if the policy has been defined as a Windows Firewall or IPSec policy.
  • Date Modified: Shows you the last time a change was made to the policy.
  • Actions: A shortcut Actions menu to copy, edit and remove an IP scope.

Manage Policies

When creating or editing a Policy you are presented with the following form to fill with information:



  • Name: Stipulates the name for the policy. Consider naming it in such a way that it well describes the system that resides within the Policy, for instance: “SysDom - EconomySystem”.
  • Description: In this space you can enter notes in regards to this policy.
  • Type: Choose between Windows Firewall or IPSec.
  • Nodes: Here you can define all nodes to be affected by the policy.
  • Node Groups: Here you can define all node groups to be affected by the policy.

Windows Firewall Rules

In this tab you add the firewall ruls and IP Scopes you have previously created.



On the History tab, you can view any configuration that have been performed for this Policy, when they where performed and by who.


This view is intended for informational display purposes only and does not allow for any configurational changes.