When you isolate a computer from a network, a strict set of firewall rules is applied to prevent the computer from connecting to the internet.
Note: The isolated computer retains its device profile, including its firewall profile. The isolation rules are applied but not shown in the profile editor.
By default, the firewall profile turns off all network connections and allows only F-Secure processes. It turns off all other firewall rules for the selected devices. It also blocks DNS resolution for all non-allowed DNS addresses to prevent possible information leakage through DNS queries. An isolated device has no internet connection, so it cannot be accessed from outside or used to search the internet.
As an administrator, you can add extra rules to the firewall profile used by the device if you need to provide extra access. For example, you can allow remote access to the device so that a support engineer could access it and investigate issues.
Note: Extra rules are usually “Allow” rules, because everything is already blocked by default.
Note: The isolation rules replace the firewall rules of the current firewall profile when the computer is isolated. When network isolation is removed, the previous firewall profile is applied.
The Allowed domains field below the Firewall rules table lets you specify the domains that the isolated device is allowed to connect to.
Note: Only the domains in the Allowed domains field are resolved by DNS.
The network isolation feature works even if the firewall is turned off in the F-Secure Elements Endpoint Protection profile settings. The network isolation mode forces the firewall and the network isolation profile on. However, if the GPO settings on a device force the firewall off, the network isolation mode does not turn it on.
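The following check is an added example, not part of the F-Secure documentation: it reports whether Group Policy forces the firewall off on a Windows device, which is the one case above where isolation cannot turn the firewall on. It assumes the GPO in question writes the standard Windows Defender Firewall policy values (EnableFirewall under the policy registry key); run it in an elevated PowerShell session on the device.

```powershell
# Added example: detect a GPO that forces Windows Defender Firewall off.
# Assumption: the GPO uses the standard firewall policy registry values.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# Profile subkeys written by firewall GPOs. StandardProfile is the legacy
# administrative-template name; the others are the per-profile policy keys.
$profileKeys = 'DomainProfile', 'PrivateProfile', 'PublicProfile', 'StandardProfile'

$report = foreach ($keyName in $profileKeys) {
    $path  = Join-Path $policyRoot $keyName
    # EnableFirewall: 0 = forced off, 1 = forced on, missing = not set by policy
    $value = (Get-ItemProperty -Path $path -Name EnableFirewall `
                  -ErrorAction SilentlyContinue).EnableFirewall

    $setting = if ($null -eq $value) { 'NotConfigured' }
               elseif ($value -eq 0) { 'ForcedOff' }
               else                  { 'ForcedOn' }

    [pscustomobject]@{
        PolicyKey  = $keyName
        GpoSetting = $setting
    }
}

$report | Format-Table -AutoSize

# Effective state of each profile after local settings and policy are merged.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled |
    Format-Table -AutoSize

$forcedOff = @($report | Where-Object { $_.GpoSetting -eq 'ForcedOff' })
if ($forcedOff.Count -gt 0) {
    $names = $forcedOff.PolicyKey -join ', '
    Write-Warning "GPO forces the firewall off for: $names. Network isolation will not turn it on."
    exit 1
}

Write-Output 'No GPO forces the firewall off; network isolation can enable it.'
```

A non-zero exit code lets a device-management job flag hosts where isolation would not be enforced.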