Best practices for creating a Symantec Client Firewall policy file

Article:TECH101544  |  Created: 2005-01-03  |  Updated: 2006-01-12  |  Article URL http://www.symantec.com/docs/TECH101544
Article Type
Technical Solution


Environment

Issue



This document describes the best practices for creating a Symantec Client Firewall policy file.


Solution



This procedure involves the following steps:
  • Install Symantec Client Security to a model client with the default policy.
  • Connect to the network.
  • Create rules when Symantec Client Firewall alert windows appear.
  • Perform typical user tasks so that Symantec Client Firewall can create Program Rules.
  • Review the Symantec Client Firewall logs to find any instances of blocked communications.
  • Export the policy file.
  • Import the policy file into Symantec Client Firewall Administrator.
  • Edit the policy file to meet the needs of your network.

Install Symantec Client Security to a model client with the default policy
Use a computer that reflects your typical network workstation as the basis for creating a policy. Do not use a computer with Symantec System Center installed because it requires firewall rules that are not appropriate for client workstations. You may need to create more than one model client, depending on the needs of your users and your network configuration. Different user groups and locations generally require different protection settings. For example, members of the accounting group may require different protection settings than

members of the administrators group, and computers accessing the network remotely may require different protection settings than computers accessing the network locally.

If the types of clients or programs in use on your network are very diverse, you may want to use the Profiling feature to identify the rules that you need.
For directions, read the document Using Profiling in Symantec Client Firewall 7.x and later.

After you install Symantec Client Security and restart the computer, connect to the network in the same manner that users do. Perform typical user tasks so that Symantec Client Firewall prompts you to create Program Rules for commonly-used programs.


Note: The \Tools\PolicyFiles folder on the installation CD contains the sample firewall policy files that you can test with, one of which supports Active Directory.
For details, read Using Symantec Client Firewall 7.x or later in an Active Directory Environment.



After you finish your tests, view the Symantec Client Firewall logs. Look for any communication that Symantec Client Firewall blocked and did not trigger an alert window.

To view Symantec Client Firewall logs
  1. Start Symantec Client Firewall.
  2. In the left pane, click Statistics.
  3. Click View logs.
  4. In the left pane, click Firewall.


To export the policy file from a model Symantec Client Firewall client
  1. Start Symantec Client Firewall.
  2. Click Options.
  3. On the Settings Manager tab, click Export Settings.
  4. In the File name box, type a name for the policy file, and then click Save.
  5. Click OK.

Save the file and then copy it to a computer that runs Symantec Client Firewall Administrator.

To import the policy file into Symantec Client Firewall Administrator
  1. Start Symantec Client Firewall Administrator.
  2. Click File > Import.
  3. In the File Import Data Selection dialog box, confirm that all of the boxes are checked, and then click OK.
  4. In the File Import dialog box, find the policy file that you exported and then click Import.
  5. Click Locked and Unlocked rules.

Edit the policy file to meet the needs of your network. Create rules for any communication that Symantec Client Firewall blocked and did not trigger an alert window.
For details, read the "Step 3: Customize the policy within Symantec Client Firewall Administrator" section of the following document:
Creating a custom policy for Symantec Client Firewall 8.x or Symantec Client Security 3.x

To learn how to distribute Symantec Client Firewall policy files to managed clients, read Using Symantec System Center 6.x or later to distribute a Symantec Client Firewall policy.





Legacy ID



2005100315004748


Article URL http://www.symantec.com/docs/TECH101544


Terms of use for this information are found in Legal Notices