Host Firewall - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Cortex XSIAM
Creation date
Last date published
Administrator Guide

Control communications on your endpoints based on the network location of your device by using the Cortex XDR host firewall.

The Cortex XSIAM host firewall enables you to control communications on your endpoints. To use the host firewall, you set rules that allow or block the traffic on the devices and apply them to your endpoints using host firewall policy rules. Additionally, you can configure different sets of rules based on the current location of your endpoints - within or outside your organization network. The Cortex XSIAM host firewall rules leverage the operating system firewall APIs and enforce these rules on your endpoints, but not your Windows or Mac firewall settings.

The following apply Cortex XSIAM host firewall policy rules on your endpoints.


Requirements and Limitations


  • Cortex XDR agent 7.5 or a later release.

  • By default, Cortex firewall is disabled and Windows firewall has control. Enforcing Cortex firewall rules will take control away from Windows Firewall, and Windows firewall rules will no longer apply.

  • It is recommended to disable the windows firewall on endpoints running Windows 7 SP1 before applying the Cortex XSIAM host firewall profile.


  • Cortex XDR agent 7.5 or a later release.

  • After you disable or remove the Cortex XSIAM host-firewall policy on the endpoint, the system firewall on the endpoint is disabled.

  • You cannot configure the following Mac host firewall settings with the Cortex XSIAM host firewall.

    • Automatically allow built-in software to receive incoming connections.

    • Automatically allow downloaded signed software to receive incoming connections.


Not supported.