Specifying packet types and protocols

Article:HOWTO81820  |  Created: 2012-10-25  |  Updated: 2014-09-21  |  Article URL http://www.symantec.com/docs/HOWTO81820
Article Type
How To

Subject


Specifying packet types and protocols

You can specify that the Gateway Enforcer appliance allows certain packet types to pass through without requiring a client to run or require authentication.

See About advanced Gateway Enforcer appliance settings.

To specify packet types and protocols

  1. In Symantec Endpoint Protection Manager, click Admin.

  2. In the Admin page, click Servers.

  3. Select and expand the Gateway Enforcer appliance group.

  4. Select the group of Gateway Enforcer appliances for which you want to specify packet types and protocols.

  5. Under Tasks, click Edit Group Properties.

  6. In the Gateway Settings dialog box, on the Advanced tab, check or uncheck the following packet types or protocols:

    • Allow all DHCP request packets

      When enabled, the Gateway Enforcer appliance forwards all DHCP requests from the external network into the internal network. Because disabling this option prevents the client from getting an IP address, and since the client requires an IP address to talk to a Gateway Enforcer appliance, it is recommended that this option remain enabled.

      The default setting is enabled.

    • Allow all DNS request packets

      When enabled, the Enforcer forwards all DNS requests from the external network into the internal network. This option must be enabled if the client is configured to communicate with Symantec Endpoint Protection Manager by name rather than by IP address. This option must also be enabled if you want to use the HTTP redirect requests option on the Authentication tab.

      The default setting is enabled.

    • Allow all ARP request packets

      When this option enabled, the Gateway Enforcer appliance allows all ARP packets from the internal network. Otherwise the Gateway Enforcer appliance treats the packet as a normal IP packet and uses the sender IP as source IP and target IP as destination IP and carries out the authentication process.

      The default setting is enabled.

    • Allow other protocols besides IP and ARP

      When this option is enabled, the Gateway Enforcer appliance forwards all packets with other protocols. Otherwise it drops them.

      The default setting is disabled.

      If you checked Allow other protocols besides IP and ARP, you may want to complete the Filter field. You can hover over the field to see examples, some of which follow.

      Examples: allow 800, 224.12.21,900-90d, 224.21.20-224-12.21.100; block 810,224.12.21.200

  7. Click OK.



Article URL http://www.symantec.com/docs/HOWTO81820


Terms of use for this information are found in Legal Notices