Best practices for using software firewalls on Scan/Protection Engine hosts in RPC/Netapp environments

Article:TECH146058  |  Created: 2010-12-13  |  Updated: 2014-07-21  |  Article URL http://www.symantec.com/docs/TECH146058
Article Type
Technical Solution


Issue



There is a need to configure the built-in software firewall on the host where Scan Engine or Protection Engine is installed. Scan/Protection Engine processes scan requests from a Netapp Filer over RPC. In some situations, adding symcscan.exe to the firewall exceptions still does not allow scan requests to be processed correctly.


Solution



It is strongly advised to disable any software firewalls. Please also note that configuring any third-party firewall (including the Windows 2008 firewall) or making changes to the registry for RPC port allocation is out of scope of Symantec Support.

The following can be considered, but it should be noted that it might have a negative performance impact and is out of scope of Symantec Support:

Communication with the Netapp Filer takes place over the RPC protocol. On Windows 2008, RPC uses the dynamic port range 49152 - 65535. These ports need to be opened in the Windows firewall to ensure that the filer and the scanner can communicate. If it is not possible to open all of these ports, the ports used can be restricted by following the steps in the Microsoft KB referenced below, which forces RPC to use a limited subset of ports.

How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596 
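The steps above, as an added example (not Symantec's own procedure) run in an elevated PowerShell on the Windows 2008 scanner host. The filer address 192.0.2.10 and the rule name are assumed placeholders; the rule is scoped to the filer's address so the opened range is not reachable from every host.

```powershell
# Added example, not from the Symantec article. Opens the Windows 2008 RPC dynamic
# port range (49152-65535) for the Netapp filer only, then optionally narrows the
# range as described in Microsoft KB 154596. Placeholders: filer IP, rule name.

$FilerIp  = '192.0.2.10'                      # assumed address of the Netapp filer
$RuleName = 'Scan Engine RPC from NetApp filer'  # assumed rule name

# 1. Confirm which dynamic range this host actually uses before writing any rule.
netsh interface ipv4 show dynamicport tcp

# 2. Allow inbound TCP on the full Windows 2008 dynamic range, but only from the
#    filer. The rule is keyed on ports and remote address rather than on
#    symcscan.exe alone, because the article notes a program-only exception
#    was not sufficient.
netsh advfirewall firewall add rule name="$RuleName" `
    dir=in action=allow protocol=TCP localport=49152-65535 `
    remoteip=$FilerIp enable=yes

# 3. Optional: if opening the whole range is not acceptable, shrink the dynamic
#    range so a smaller window is exposed (minimum 255 ports). Restart the
#    scanner service afterwards so it listens inside the new range, and adjust
#    the localport value in step 2 to match. Expect some performance impact.
# netsh interface ipv4 set dynamicport tcp start=49152 num=1000

# 4. Verify the rule exists and carries the expected scope.
netsh advfirewall firewall show rule name="$RuleName" verbose
```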



