Adding multiple clients to a Firewall policy


Article ID: 184830


Updated On:


Endpoint Protection


Adding multiple clients to Cyber Defense Manager (CDM) firewall policy


SEP 15


Host can be added at a time from each firewall rule in a Firewall policy. To eliminate the retyping of each host address or host name for each firewall rule, create a single host group with multiple hosts.

A host group is accessible from any firewall rule in any Firewall policy. Any changes made to the host group update automatically in the Firewall policies that refers the group.

See Host

When a host group is added to a firewall rule, it adds all the hosts as a single entry. Hosts can be removed from each firewall rule when it is not needed anymore

To delete the host group from all firewall policies, the group's host address or names get converted to multiple entries in the firewall rule. For example, if a host group has five items, the host group coverts from one entry to five entries in each firewall rule.

To create host groups

  1. Go to Endpoint > Policies > Policy Components.
  2. On the Host Groups tab, select Add Host Group.
  3. In the Create Host Group dialog box, enter a group name, and then click Add Host.
  4. In the Add Host dialog box, select Save & Add Another to add multiple hosts.
  5. Select Save and then select Yes.

When a host group is updated, each Firewall policy that refers the host group gets updated automatically and a new policy version is created.

  • Select Yes to make sure that the new policy version also gets applied to the device groups or policy groups the policy is assigned to.
  • Select No to refrain from applying the new policy version to the device groups or policy groups the policy is assigned to..

To add host groups to a firewall rule

  1. In a Firewall policy, create a new rule or editing an existing rule.

See Adding a custom firewall rule in Symantec Endpoint Security

  1. In the Add/Edit Firewall Rule dialog box, select Hosts > Only hosts defined by the local/source or remote/destination address below.

Select Add from Host Group, check a host group in the Group Name column, and select Submit > Submit.