Understanding the Smart Traffic Filters in Symantec Endpoint Protection
|Article:TECH148648|||||Created: 2011-01-20|||||Updated: 2014-05-20|||||Article URL http://www.symantec.com/docs/TECH148648|
How does the "Enable Smart DNS", "Enable Smart DHCP" and "Enable Smart WINS" options in the Symantec Endpoint Protection (SEP) 11.0 or 12.1 firewall policies work?
The Smart Traffic Filter options in SEP do not block traffic. What the options do is allow outgoing requests, and incoming replies matching a previous requests.
Incoming packets not matching the Smart Filters criteria will be handled by the regular firewall rules, and typically blocked. There is no need to add separate firewall rules to allow the DNS, DHCP or WINS ports when the Smart Filters are enabled. The Smart Filters override the firewall rules, and by only accepting solicited incoming packets they are more secure than creating a firewall allow rule to open each of the ports fully.
If you disable the Smart Filters, you will need to create firewall rules that allow the remote UDP ports 53, 67/68, and 137 in order to enable DNS, DHCP, and WINS respectively.
Article URL http://www.symantec.com/docs/TECH148648