Using Profiling in Symantec Client Firewall 7.x and later

Article:TECH100977  |  Created: 2004-01-19  |  Updated: 2005-01-13  |  Article URL http://www.symantec.com/docs/TECH100977
Article Type
Technical Solution

Product(s)

Environment

Issue



This document explains how to use the new Profiling feature in Symantec Client Firewall 7.x and later.


Solution



Symantec Client Firewall Administrator lets you gather information about network traffic and connections that occur on managed Symantec Client Security firewall clients. You can then use the Profiling feature to view the traffic generated and received by clients and quickly create pRules and NetSpecs to support the traffic. Profiled network connections are used with Location Awareness.

You must install the following components to use Profiling:
  • Symantec System Center Console
  • Symantec Client Firewall Administrator
  • Managed Symantec Client Security client(s)

To set up Profiling
  1. Start Symantec Client Firewall Administrator.
  2. On the Profiling tab, click Options.
  3. Check one or both of the following items:
    • Enable program profiling
      This allows Symantec Client Firewall to profile program rules that are created and automatically create pRules.
    • Enable connection profiling
      This allows Symantec Client Firewall to profile new connections that are created and automatically create NetSpecs. You must set up Location Awareness to use connection profiling.
      For help with this, read the document Configuring Location Awareness in Symantec Client Firewall 7.x.
  4. Check one of the following items:
    • Continuous profiling
      This option turns on profiling indefinitely.
    • Suspend profiling after: X days
      Specify the number of days that you want Profiling to run.
  5. Click OK.
  6. If you did not check Enable connection profiling in step 3, go to step 12.
  7. On the Locations tab, on the Connection Management tab, click a location in the list.
  8. Click Edit.
  9. In the Rule Exception Handling drop-down list, click Permit.
    Rule Exception Handling tells Symantec Client Firewall how to deal with programs for which a program rule has not been created. Setting this to Permit will automatically create an Allow rule for the program. This should be used with caution and is intended to be used specifically with Profiling.
  10. Click OK.
  11. Repeat steps 7 through 10 for each location in the list.
  12. Save the policy file, and use Symantec System Center to deploy your new policy to a client.
    To learn how to do this, read the document Using Symantec System Center 6.x or later to distribute a Symantec Client Firewall policy.

Note: If you are running Symantec Client Firewall Administrator on the same computer as Symantec Client Firewall, you can use the "Export to Active Client" option from the File menu to deploy the new policy to the local client.


If you do not want wait for network traffic to occur, any of the following actions generate network traffic.

To create network traffic
  • Do any of the following actions:
    • Display network servers in a window.
    • Display a network Directory in a window.
    • Connect to the Internet.
    • Run LiveUpdate from Symantec Client Firewall client.
    • Print.
    • At a command prompt, type both of the following commands:

      ipconfig /release
      ipconfig /renew

    • Restart the computer, and log on and authenticate to a domain.
    • Send or receive email.

To use Profiling data to create a policy file
  1. Start Symantec System Center.
  2. Right-click the client that is running Profiling, and then click All Tasks > Symantec Client Firewall > View Profiled Firewall Exceptions.
  3. Click Export.
  4. Save the file to a convenient location and name it Firewallexp.csv
  5. Right-click the client that is running Profiling, and then click All Tasks > Symantec Client Firewall > View Profiled Firewall Connections.
  6. Click Export.
  7. Save the file to a convenient location and name it Profcon.csv
  8. Start Symantec Client Firewall Administrator.
  9. Do one of the following:
    • If you previously saved the policy file, then on the File menu, click Open and find the previously saved policy file.
    • If you did not save the policy file and your local Symantec Client Firewall client has the updated policy, then on the File menu, click Import from Active Client.
  10. On the Profiling tab, click Retrieve.
  11. Click the Firewallexp.csv file, and then click Open
  12. Select a rule to process, and then click Process.
  13. Follow the on-screen instructions.
  14. Repeat steps 12 and 13 for each rule in the list.
  15. Click Retrieve.
  16. Click the Profcon.csv file, and then click Open
  17. Select a rule to process, and then click Process.
  18. Follow on the on-screen instructions.
  19. Repeat steps 17 and 18 for each rule in the list.
  20. When you have finished making changes, save the policy file, and then use Symantec System Center to deploy your new policy to clients.
    To learn how to do this, read the document Using Symantec System Center 6.x or later to distribute a Symantec Client Firewall policy.

Note: If you are running Symantec Client Firewall Administrator on the same computer as Symantec Client Firewall, you can use the Export to Active Client command on the File menu to deploy the new policy to the local client.




References
For help with the installation of Symantec Client Security, read the document that applies to your situation:




Legacy ID



2004111913330548


Article URL http://www.symantec.com/docs/TECH100977


Terms of use for this information are found in Legal Notices