Skip to main content

Overview

Firewall Management policies control network traffic on endpoints through the Falcon platform. These policies work in conjunction with firewall rules to define allowed and blocked network connections across your environment.
Required API Scope: Firewall management: Read (for read operations) or Firewall management: Write (for write operations)

Get Firewall Policies

Search for and retrieve Falcon Firewall Management policies.
Get-FalconFirewallPolicy
Get-FalconFirewallPolicy [[-Filter] <string>] [[-Sort] <string>] [[-Limit] <int>] [[-Include] <string[]>] [[-Offset] <int>] [-Detailed] [-All] [-Total]

Parameters

Id
string[]
Policy identifier(s). Pattern: ^[a-fA-F0-9]{32}$
Filter
string
Falcon Query Language (FQL) expression to limit resultsExample: platform_name:'Windows'+enabled:true
Sort
string
Property and direction to sort resultsValid values: created_by.asc, created_by.desc, created_timestamp.asc, created_timestamp.desc, enabled.asc, enabled.desc, modified_by.asc, modified_by.desc, modified_timestamp.asc, modified_timestamp.desc, name.asc, name.desc, platform_name.asc, platform_name.desc, precedence.asc, precedence.desc
Limit
int32
Maximum number of results per request (1-5000)
Include
string[]
Include additional propertiesValid values: members, settings
Offset
int32
Position to begin retrieving results
Detailed
switch
Retrieve detailed information
All
switch
Repeat requests until all available results are retrieved
Total
switch
Display total result count instead of results

Examples

Get-FalconFirewallPolicy -All -Detailed

Create Firewall Policy

Create new Falcon Firewall Management policies.
New-FalconFirewallPolicy
New-FalconFirewallPolicy -Name <string> -PlatformName <string> [[-Description] <string>]

Parameters

Name
string
required
Policy name
PlatformName
string
required
Operating system platformValid values: Windows, Mac, Linux
Description
string
Policy description
InputObject
object[]
One or more policies to create in a single request (for batch operations, max 100 per request)

Examples

New-FalconFirewallPolicy -Name 'Production Servers Firewall' -PlatformName 'Windows' -Description 'Firewall policy for production Windows servers'
After creating a firewall policy, you must assign firewall rule groups to it using policy actions and create/configure the actual firewall rules separately.

Edit Firewall Policy

Modify existing Falcon Firewall Management policies.
Edit-FalconFirewallPolicy
Edit-FalconFirewallPolicy -Id <string> [[-Name] <string>] [[-Description] <string>]

Parameters

Id
string
required
Policy identifier. Pattern: ^[a-fA-F0-9]{32}$
Name
string
Policy name
Description
string
Policy description
InputObject
object[]
One or more policies to modify in a single request (for batch operations, max 100 per request)

Examples

Edit-FalconFirewallPolicy -Id <policy_id> -Name 'Updated Firewall Policy Name'

Remove Firewall Policy

Remove Falcon Firewall Management policies.
Remove-FalconFirewallPolicy
Remove-FalconFirewallPolicy -Id <string[]>

Parameters

Id
string[]
required
Policy identifier(s) to remove. Pattern: ^[a-fA-F0-9]{32}$

Example

Remove-FalconFirewallPolicy -Id <policy_id>

Policy Actions

Perform actions on Falcon Firewall Management policies such as enabling/disabling or assigning to host groups.
Invoke-FalconFirewallPolicyAction
Invoke-FalconFirewallPolicyAction -Name <string> [[-GroupId] <string>] -Id <string>

Parameters

Name
string
required
Action to performValid values: add-host-group, disable, enable, remove-host-group
GroupId
string
Host group identifier. Pattern: ^[a-fA-F0-9]{32}$Required for: add-host-group, remove-host-group
Id
string
required
Policy identifier. Pattern: ^[a-fA-F0-9]{32}$

Examples

Invoke-FalconFirewallPolicyAction -Name enable -Id <policy_id>

Get Policy Members

Search for members (hosts) assigned to Falcon Firewall Management policies.
Get-FalconFirewallPolicyMember
Get-FalconFirewallPolicyMember [[-Id] <string>] [[-Filter] <string>] [[-Sort] <string>] [[-Limit] <int>] [[-Offset] <int>] [-Detailed] [-All] [-Total]

Parameters

Id
string
Policy identifier. Pattern: ^[a-fA-F0-9]{32}$
Filter
string
Falcon Query Language expression to limit results
Sort
string
Property and direction to sort results
Limit
int32
Maximum number of results per request (1-5000)
Offset
int32
Position to begin retrieving results
Detailed
switch
Retrieve detailed information
All
switch
Repeat requests until all available results are retrieved
Total
switch
Display total result count instead of results

Example

Get-FalconFirewallPolicyMember -Id <policy_id> -Detailed -All

Set Policy Precedence

Set Falcon Firewall Management policy precedence order for a specific platform.
Set-FalconFirewallPrecedence
Set-FalconFirewallPrecedence -PlatformName <string> -Id <string[]>

Parameters

PlatformName
string
required
Operating system platformValid values: Windows, Mac, Linux
Id
string[]
required
Policy identifiers in desired precedence order (highest to lowest priority). Pattern: ^[a-fA-F0-9]{32}$
All policy identifiers must be supplied in order, with the exception of the platform_default policy.

Example

$PolicyOrder = @('<policy_id_1>', '<policy_id_2>', '<policy_id_3>')
Set-FalconFirewallPrecedence -PlatformName 'Windows' -Id $PolicyOrder

Firewall Policy Architecture

Firewall Management policies in Falcon work with several related components:
  1. Firewall Policies: Container for firewall configuration and rule assignments
  2. Firewall Rule Groups: Collections of firewall rules
  3. Firewall Rules: Individual rules defining network traffic permissions
1

Create Policy

Create a firewall policy using New-FalconFirewallPolicy
2

Configure Rules

Create and configure firewall rules using firewall rule management cmdlets
3

Assign to Hosts

Assign the policy to host groups using Invoke-FalconFirewallPolicyAction
4

Enable Policy

Enable the policy to enforce firewall rules on assigned hosts
Firewall policies can significantly impact network connectivity. Test policies in a non-production environment before deploying to production systems. Incorrect configurations may block legitimate traffic.

Use Cases

Create firewall policies with different rule sets for workstations, servers, and specialized systems to implement network segmentation.
Define firewall policies that meet compliance standards (PCI-DSS, HIPAA, etc.) and assign them to relevant host groups.
Implement default-deny policies with explicit allow rules for authorized connections, supporting zero trust network principles.
Create restrictive firewall policies for DMZ hosts that allow only necessary inbound and outbound connections.

Prevention Policies

Manage Prevention policies

Device Control Policies

Control USB and Bluetooth device usage

Build docs developers (and LLMs) love

Get started for freeTalk to us