CIS ISO NIST CSF SOC

Firewall is on and configured

Time to fix

< 1m

What

Firewall prevents contact from other computers on the Internet or on your network. Learn more on the Apple Support page.

What if I use other firewalls?

You should have the system firewall enabled because other firewalls cannot support stealth mode. Stealth mode is necessary if you are directly connected to the internet via a hotspot or without a router, for example. Stealth mode prevents your Mac from being discovered by threat actors scanning the internet for devices.

How to enable Firewall and Stealth mode

Open System Preferences, click Network, then Firewall.
Toggle Turn On Firewall.
Click Options..., scroll to the bottom, and toggle Enable stealth mode.

If you have issues with Pareto incorrectly reporting Firewall status, try resetting the permissions.

How to reset Firewall permissions

Open Pareto Security and go to Preferences → Permissions.
Click the Remove button for Firewall Access.
Click Authorize to re-grant the permissions.

If that doesn't resolve the issue, try the Terminal commands described below.

How to reset Firewall from Terminal

Open Terminal.
Check current firewall status:
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
Check stealth mode status:
/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode
Disable stealth mode:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode off
Disable the firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
Re-enable the firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
Re-enable stealth mode:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on

macOS Sequoia

Create a Pareto Cloud account