Restrict network access for Windows Airwall Agents and Servers users (Lockdown mode)

You can configure Windows Airwall Agents and Servers to run in Lockdown mode, which restricts access to network resources not explicitly allowed by Conductor trust policy.

Lockdown mode is a global setting that applies to all Windows Airwall Agents and Servers on the Conductor.

To set up lockdown mode

  1. Go to Settings > Global Airwall agent settings.
  2. Select Edit Settings.
  3. On the Advanced page, scroll to Lockdown mode.
  4. Check Enable lockdown mode on compatible Airwall agents.
    (Screenshot: the Lockdown mode section of Settings, showing the enable option.)
  5. To allow users to override Lockdown mode on their device – Check Allow users to disable lockdown mode on Airwall agents.
  6. To provide Internet access – Under Lockdown mode egress gateway, select an Airwall Gateway that has been configured as an egress (bypass) gateway. Any traffic that is not allowed by trust policy is then tunneled to the egress gateway and can reach the Internet.
    Note: To set up an egress gateway, you must configure an Airwall Gateway with an overlay port group that can route out to the Internet. In most cases, you must also set SNAT on that port group. See Configure an Airwall Gateway as a Bypass gateway.
    Note: This setting will be replaced when Windows Airwall Agents and Servers are able to use bypass settings.

  7. To exempt any resources from lockdown mode (that is, allow access to certain resources without trust policy):
    1. Next to IPs exempt from lockdown mode, select the + (plus).
    2. For each exception, specify an IP address, a protocol and direction, and, optionally, a port. Local traffic matching any of these rules is allowed.
  8. Select Save.
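
Before saving a list of exemptions, it helps to check what each entry actually opens. The following is an added example, not Airwall or Conductor code: a small Python model of the behavior described above that classifies a flow and flags exemptions wider than a single host, protocol and port. The field encodings ("tcp", "any", "both", CIDR ranges), the order in which trust policy and exemptions are checked, and all names in the code are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Exemption:
    """One 'IPs exempt from lockdown mode' entry (field encoding is assumed)."""
    ip: str                      # address or CIDR; CIDR support is an assumption
    protocol: str                # "tcp", "udp" or "any"
    direction: str               # "inbound", "outbound" or "both"
    port: Optional[int] = None   # None means the optional port was left empty

    def matches(self, peer_ip, protocol, direction, port):
        net = ipaddress.ip_network(self.ip, strict=False)
        return (ipaddress.ip_address(peer_ip) in net
                and self.protocol in ("any", protocol)
                and self.direction in ("both", direction)
                and self.port in (None, port))

def classify(peer_ip, protocol, direction, port, *,
             policy_allowed, exemptions, egress_gateway):
    """Model how a locked-down agent treats one flow (evaluation order assumed)."""
    if policy_allowed:
        return "trust-policy"
    if any(e.matches(peer_ip, protocol, direction, port) for e in exemptions):
        return "exempt-local"
    return "egress-gateway" if egress_gateway else "blocked"

def broad_exemptions(exemptions):
    """Return (exemption, reasons) for entries wider than one host, protocol and port."""
    findings = []
    for e in exemptions:
        reasons = []
        if ipaddress.ip_network(e.ip, strict=False).num_addresses > 1:
            reasons.append("covers more than one address")
        if e.protocol == "any":
            reasons.append("any protocol")
        if e.port is None:
            reasons.append("all ports")
        if reasons:
            findings.append((e, reasons))
    return findings

# Constructed sample list (documentation address ranges, not from the page).
SAMPLE = [Exemption("192.0.2.53", "udp", "outbound", 53),
          Exemption("198.51.100.0/24", "any", "both")]
```

Running broad_exemptions(SAMPLE) flags only the second entry, which bypasses trust policy for a whole /24 on every protocol and port.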