Using " * " or "Any" as "Application" when creating firewall rules in Symantec Endpoint Protection 11.0
Article: TECH104295 | Created: 2008-01-28 | Updated: 2011-01-20 | Article URL: http://www.symantec.com/docs/TECH104295
Problem
How to use " * " (Asterisk) or "Any" as Application when creating firewall rules in Symantec Endpoint Protection 11.0. What is the difference between " * " and Any? Why does the "allow-all" rule not work with ICMP/ping or broadcast traffic?
Solution
When creating a firewall rule in the Symantec Endpoint Protection Manager 11.x, there is a difference between leaving the Application field as "Any" and entering an asterisk (*) to match all applications.
- "Any"
This setting includes all packets, no matter which application they are destined for or coming from, and even if they are not associated with a running application at all. This setting therefore matches traffic such as incoming broadcast packets and Internet Control Message Protocol (ICMP).
- Asterisk (*)
This setting includes only packets that are associated with a running application matching the " * " rule for the file name. Incoming broadcast and ICMP traffic, for example, would be excluded from a rule with this configuration.
The default "Allow all applications" rule that is included when a new firewall policy is created uses the asterisk/star (*) in the rule and therefore does not match incoming ICMP traffic. To allow a ping of the host running the Symantec Endpoint Protection client, the "Allow ping" rule should also be enabled.
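The matching difference described above, as a small model (an added example, not Symantec code or the product's rule engine). It assumes rules are evaluated top-down with the first match winning and that unmatched traffic is blocked; the `Rule` and `Packet` classes and the "Block all other traffic" rule are hypothetical, and the packets are constructed samples.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

ANY = None  # Application field left as "Any"

@dataclass
class Rule:
    name: str
    action: str                      # "allow" or "block"
    application: Optional[str]       # ANY, or a file-name pattern such as "*"
    protocol: Optional[str] = None   # None matches every protocol

@dataclass
class Packet:
    protocol: str
    application: Optional[str]       # None: no running application owns this packet

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if rule.application is ANY:
        return True                  # "Any": the application is not considered at all
    # A pattern, even "*", needs an application file name to compare against.
    return pkt.application is not None and fnmatch(
        pkt.application.lower(), rule.application.lower())

def evaluate(rules, pkt):
    """Return (action, rule name) of the first matching rule (assumed top-down order)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return "block", "(no rule matched)"  # assumed default when nothing matches

ALLOW_ALL_APPS = Rule("Allow all applications", "allow", "*")
ALLOW_PING = Rule("Allow ping", "allow", ANY, "ICMP")
BLOCK_REST = Rule("Block all other traffic", "block", ANY)  # hypothetical catch-all

DEFAULT_POLICY = [ALLOW_ALL_APPS, BLOCK_REST]
WITH_PING = [ALLOW_PING, ALLOW_ALL_APPS, BLOCK_REST]

# Constructed sample traffic
BROWSER = Packet("TCP", "firefox.exe")
PING = Packet("ICMP", None)
BROADCAST = Packet("UDP", None)

if __name__ == "__main__":
    for label, policy in (("default", DEFAULT_POLICY), ("with Allow ping", WITH_PING)):
        for pkt in (BROWSER, PING, BROADCAST):
            print(label, pkt.protocol, pkt.application, evaluate(policy, pkt))
```

When auditing a policy, the same check applies in reverse: a block rule written with " * " instead of "Any" also leaves broadcast and ICMP traffic unmatched.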
Legacy ID
2008022815002148