![should my firewall be on on my mac should my firewall be on on my mac](https://www.dz-techs.com/wp-content/uploads/2020/07/firewall_options_window-Fw6F6Nfs-DzTechs.png)
The built-in firewall is capable of what is called stealth mode, which basically makes your machine invisible on the network. It's just a bit of a pain, and would be nice if Apple provided a better way of NOT enabling/disabling stuff that we don't specifically set in their payloads.Īlso keep in mind when doing it this way, it means you can't make edits to the Profile in the JSS since it will remain locked. If your Mac is connected to an untrusted network all the time (which is fairly uncommon with consumer Macs these days), then you need to take other measures. I've done this procedure myself, so I know it can be done.
![should my firewall be on on my mac should my firewall be on on my mac](https://nscdn.nstec.com/should-my-mac-firewall-be-on-.jpg)
By signing it, the JSS will not make any changes to it and will leave out the settings that you remove from the profile xml.
#Should my firewall be on on my mac download
Then download it, convert the profile into something readable in a text editor using the security command, make some changes to the profile by deleting the payloads you don't want, like the Firewall, and resave it under a new file name (.mobileconfig), then sign the profile and reupload it to the JSS. Click Turn On Firewall to turn the firewall on, and then click Firewall Options to configure your firewall options. Click the Firewall tab, click the lock icon, and enter your password. Click the Apple menu, select System Preferences, and click the Security & Privacy icon. The trick will be to create a new config in your JSS with Security & Privacy settings enabled, just the stuff you want. If you’d like to enable and configure your Mac’s firewall, feel free. Can even be one from a Mac server set up with Profile Manager actually. It just involves several steps, and requires having a signing certificate of some kind. OTOH, if you don't have such a profile installed on these Macs, then something else is affecting it, but I don't know what it would be personally.īut, there IS a way this can be done. It really sucks how they have things set up right now. I wish Apple would split these out or better yet, make an option in Config payloads such as "Do not set" so we can choose not to lock a setting down into an enabled/disabled state.
#Should my firewall be on on my mac password
The only way to avoid this would be to create a custom settings Config Profile that sets the specific Security & Privacy settings you want to set, like the "Require password after sleep or screen saver begins" option and does not set anything for other options.
![should my firewall be on on my mac should my firewall be on on my mac](https://cdn.osxdaily.com/wp-content/uploads/2013/08/block-all-incoming-connections-mac-os-x.jpg)
Because of how Apple, and subsequently Jamf's, Config Profile payloads work, even if you don't specifically set the Firewall option On or Off, simply having it as part of the Security & Privacy payload means it gets locked down, unable to be changed by the user or any admin on the Mac. Do you have a Configuration Profile installed on these Macs that uses the Security & Privacy payload? If so, unfortunately, that may be the cause.