Firewall management in Addigy uses a Security and Privacy MDM configuration profile to control macOS application firewall behavior on enrolled devices. You define the desired firewall settings once, then apply them to one or more policies so any devices in those policies automatically receive the configuration. This helps you standardize security, reduce misconfiguration, and meet compliance requirements across your fleet.
How to Create a Firewall MDM Profile
- Navigate to the Catalog page in Addigy.
- Select the MDM Profiles tab.
- Click New near the top right of the MDM Profiles pane.
- In the payload list, select Security and Privacy.
- Within Security and Privacy, select the Firewall tab.
- Configure the Firewall settings as needed for your environment, such as enabling the firewall, blocking all incoming connections, or enabling stealth mode (options mirror macOS Firewall settings).
- Enter a clear Name for the profile and the firewall payload so you can easily identify it later (for example, macOS – Standard Firewall).
- Click Create Profile.
Once created, the profile appears under Catalog > MDM Profiles and can be deployed to an individual device using GoLive or added to a policy for bulk deployment. We always suggest deploying the profile to a test device before pushing it out to an entire policy to verify expected behavior.
How to Verify Firewall Status on Devices
Once the profile is assigned, you can verify that devices are receiving and enforcing the firewall configuration. For more information, see Viewing Firewall Information on macOS Devices via Addigy.
Check via GoLive
- Navigate to Devices and open the target device’s GoLive page.
- Select the Security tab.
- Scroll to the Firewall section to confirm whether the firewall is enabled and to review allowed or blocked applications.
Check via Device Facts and Monitoring
- Review Firewall-related Device Facts such as Firewall Enabled, Firewall Block All Incoming Connections, Firewall Stealth Mode Enabled, and Firewall Allowed Applications.
- Use these facts in a Monitoring item to alert you when devices are not compliant with your firewall policy (for example, when the firewall is disabled).
Firewall Settings Explained
The macOS Firewall payload includes several key options you can manage through Addigy.
- Enable Firewall: Turns on the macOS application firewall to help block unwanted incoming connections.
- Block All Incoming Connections: Only allows essential services and signed apps to receive incoming connections, increasing protection on exposed networks.
- Stealth Mode: Prevents the Mac from responding to unsolicited network probes, making it less visible on the network.
- Allowed Applications: Lets you specify apps that are permitted to accept incoming connections, ensuring necessary services remain functional.
Frequently Asked Questions
Can I use Addigy’s firewall configuration with third‑party security tools?
Yes, you can use Addigy’s firewall configuration alongside third‑party endpoint security tools such as EDR, but you should review vendor guidance to avoid overlapping network filter or firewall components. If another product also manages firewall or network filtering, coordinate settings so only one tool controls packet filtering to prevent conflicts.
How can I alert when the firewall is disabled on a device?
Create a Monitoring item that uses the Firewall Enabled device fact and triggers when the value indicates the firewall is off. Configure notifications or remediations so you are alerted and can take action when a device falls out of compliance.