Create a Mac Local Firewall Controls Policy

The Local Firewall Control Policy for macOS helps you enforce and modify the behavior of a  local firewall. A firewall protects your devices against malicious or unnecessary network traffic.

To create a macOS Local Firewall Controls policy:

  1. Log in to the Admin Portal:
  2. Go to DEVICE MANAGEMENT > Policy Management.
  3. Under the All tab, click (+).
  4. On the New Policy panel, select the Mac tab.
  5. Select the Local Firewall Controls policy from the list, then click configure.
  6. (Optional) In the Policy Name field, enter a new name for the policy or keep the default. Policy names must be unique.
  7. (Optional) In the Policy Notes field, enter details like when you created the policy, where you tested it, and where you deployed it.
  8. Select Enable Firewall to configure the firewall. You must select this field to enable any additional fields.
  9. Select Block All Incoming Connections to block all new incoming network requests and to enable Stealth Mode.
  10. Select Enable Logging to create log files. This information is stored in /var/log/alf.log and /var/log/appfirewall.log files. This field is available only for devices running macOS 12 Monterey or later.
    • (Optional) If you selected Enable Logging, select Enable Private Data Collection to identify private information about the user or computer at the time of the log entry. You might want to advise your users that private data is being collected.
    • (Optional) If you selected Enable Logging, choose the type of logging you want to collect:
      • Throttled – Log only the minimum data associated with events.
      • Brief – Log a single line item for each firewall action with moderate detail.
      • Detail – Send all details that are collected.


This field is available only for devices running macOS 12 Monterey or later.

  1. Select Enable Stealth Mode to make it more difficult for other devices on your network, friend or foe, to locate your Mac. This setting can also be enabled via Apple’s System Settings > Privacy & Security
  1. (Optional) Select the Device Groups tab. Select one or more device groups where you’ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.
  2. (Optional) Select the Devices tab. Select one or more devices where you’ll apply this policy.
  3. Click save.
  4. If prompted, click save again.
  5. After applying the policy, the user must log out and log back in on the device for the changes to take effect.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case