github · docs-bot · Sep 22, 2025 · Sep 22, 2025 · Sep 22, 2025 · Sep 22, 2025
diff --git a/...copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall.md b/...copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall.md
@@ -31,6 +31,16 @@ If {% data variables.product.prodname_copilot_short %} tries to make a request w
 
 ![Screenshot of a warning from {% data variables.product.prodname_copilot_short %} about being blocked by the firewall.](/assets/images/help/copilot/coding-agent/firewall-warning.png)
 
+## Limitations
+
+The agent firewall has important limitations that affect its security coverage.
+
+* **Only applies to processes started by the agent**: The firewall only applies to processes started by the agent via its Bash tool. It does not apply to Model Context Protocol (MCP) servers or processes started in configured {% data variables.product.prodname_copilot_short %} setup steps.
+* **Only applies within the {% data variables.product.prodname_actions %} appliance**: The firewall only operates within the {% data variables.product.prodname_actions %} appliance environment. It does not apply to processes running outside of this environment.
+* **Bypass potential**: Sophisticated attacks may bypass the firewall, potentially allowing unauthorized network access and data exfiltration.
+
+These limitations mean that the firewall provides a layer of protection for common scenarios, but should not be considered a comprehensive security solution.
+
 ## Managing the recommended firewall allowlist
 
 The recommended allowlist, enabled by default, allows access to:

diff --git a/data/features/repo-rules-management.yml b/data/features/repo-rules-management.yml
@@ -3,4 +3,4 @@
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.17'
+  ghes: '>=3.19'