Create a Mac Local Firewall Controls Policy

The Local Firewall Control Policy lets you enforce and modify the behavior of the firewall in macOS. A firewall protects your devices against malicious or unnecessary network traffic.

Prerequisites:

Creating the Policy

To create a Mac Local Firewall Controls policy:

  1. Log in to the JumpCloud Admin Portal.

Important:

If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See JumpCloud Data Centers for the URLs, FQDNs, and IP addresses.

  2. Go to Device Management > Policy Management and click (+).
  3. On the New Policy panel, select the Mac tab.
  4. Select the Local Firewall Controls policy from the list, then click configure.
  5. (Optional) In the Policy Name field, enter a new name for the policy or keep the default. Policy names must be unique.
  6. (Optional) In the Policy Notes field, enter details like when you created the policy, where you tested it, and where you deployed it.
  7. Select Enable Firewall to configure the firewall. You must select this field to enable any additional fields.
  8. Select Block All Incoming Connections to block all new incoming network requests and to enable Stealth Mode.
  9. Select Enable Logging to create log files. This information is stored in the /var/log/alf.log and /var/log/appfirewall.log files. This field is available only for Mac computers running macOS 12 Monterey or later.
    • (Optional) If you selected Enable Logging, select Enable Private Data Collection to identify private information about the user or computer at the time of the log entry. You might want to advise your users that private data is being collected.
    • (Optional) If you selected Enable Logging, choose the type of logging you want to collect:
      • Throttled - Log only the minimum data associated with events.
      • Brief - Log a single line item for each firewall action with moderate detail.
      • Detail - Send all details that are collected. This field is available only for devices running macOS 12 Monterey or later.
  10. Select Enable Stealth Mode to make it more difficult for other devices on your network, friend or foe, to locate your Mac. This setting can also be enabled via Apple’s System Settings > Privacy & Security.
  11. Enter the app’s unique bundle ID in the Application Bundle ID field and set the Allow Connections field to True to authorize incoming connections for that app.
  12. Select Allow Signed Built-in Software to permit built-in applications to receive incoming connections. This feature is available on macOS 12.3 and later.
  13. Select Allow Signed Downloaded Software to permit downloaded signed software to receive incoming connections. This feature is available on macOS 12.3 and later.
  14. (Optional) Select the Device Groups tab. Select one or more device groups where you'll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
  15. (Optional) Select the Devices tab. Select one or more devices where you'll apply this policy.
  16. Click Save.
  17. After applying the policy, the user must log out and log back in on the device for the changes to take effect.
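Once the user has logged back in, it is worth confirming on the device that the policy settings described above actually took effect. The following POSIX shell script is an added example, not JumpCloud's own code or tooling. It reads the firewall state with Apple's built-in socketfilterfw command and compares each control against the state the policy is expected to enforce. The exact wording of socketfilterfw's status lines is treated as an assumption (the classifier only looks for enabled/disabled style keywords), the sample output embedded in the script is constructed rather than captured from a real Mac, and the baseline it checks (firewall, stealth mode, logging and both Allow Signed options on, Block All Incoming Connections off) is an assumed policy configuration that you should adjust to match your own.

```shell
#!/bin/sh
# Added example (not JumpCloud's code): audit the live macOS firewall state
# after the Local Firewall Controls policy has applied. Uses Apple's
# socketfilterfw CLI, the supported way to read these settings; run it as
# root on the managed Mac. The exact wording of its status lines is an
# assumption, so the classifier keys on enabled/disabled style keywords
# rather than on whole sentences.

FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Classify one socketfilterfw status line as on, off or unknown.
fw_state() {
  lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$lc" in
    *disabled*|*"is off"*|*"state = 0"*)             echo off ;;
    *enabled*|*"is on"*|*"state = 1"*|*"state = 2"*) echo on ;;
    *)                                               echo unknown ;;
  esac
}

# Runner used on a real Mac: one --get flag in, its status line out.
live_query() { "$FW" "$1" 2>/dev/null; }

# Constructed sample output standing in for a compliant device, so the
# script can be exercised where socketfilterfw is absent. These lines are
# constructed for the example, not captured from a real system.
sample_compliant() {
  case "$1" in
    --getglobalstate)    echo "Firewall is enabled. (State = 1)" ;;
    --getblockall)       echo "Block all DISABLED!" ;;
    --getstealthmode)    echo "Stealth mode enabled" ;;
    --getloggingmode)    echo "Log mode is on" ;;
    --getallowsigned)    echo "Automatically allow built-in signed software ENABLED" ;;
    --getallowsignedapp) echo "Automatically allow downloaded signed software ENABLED" ;;
  esac
}

# Constructed sample of a device that drifted: stealth mode and logging off.
sample_drifted() {
  case "$1" in
    --getstealthmode) echo "Stealth mode disabled" ;;
    --getloggingmode) echo "Log mode is off" ;;
    *)                sample_compliant "$1" ;;
  esac
}

# audit_firewall RUNNER FLAG=WANT...
# Prints PASS/FAIL per control and returns the number of controls whose
# state does not match what the policy should enforce (0 = compliant).
audit_firewall() {
  runner=$1; shift
  mismatches=0
  for spec in "$@"; do
    flag=${spec%%=*}; want=${spec#*=}
    got=$(fw_state "$("$runner" "$flag" | head -n 1)")
    if [ "$got" = "$want" ]; then
      echo "PASS $flag is $got"
    else
      echo "FAIL $flag is $got (policy expects $want)"
      mismatches=$((mismatches + 1))
    fi
  done
  return "$mismatches"
}

# Assumed baseline: Enable Firewall, Enable Stealth Mode, Enable Logging and
# both Allow Signed options selected, Block All Incoming Connections not.
BASELINE="--getglobalstate=on --getblockall=off --getstealthmode=on \
--getloggingmode=on --getallowsigned=on --getallowsignedapp=on"

if [ -x "$FW" ]; then
  audit_firewall live_query $BASELINE
else
  echo "socketfilterfw not found; auditing constructed sample output instead"
  audit_firewall sample_compliant $BASELINE
fi
```

On a managed Mac, run the script with sudo and treat any FAIL line as a signal that the corresponding policy field has not applied yet (the user may not have logged out and back in) or that something on the device has changed the setting since. The logging level chosen in the policy (Throttled, Brief or Detail) can be compared by hand against the output of `socketfilterfw --getloggingopt`, which the script does not classify because its value is a word rather than an on/off state.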