Default Network Threat Protection Rules for Symantec Endpoint Protection

Article:TECH91729  |  Created: 2009-01-09  |  Updated: 2011-05-06  |  Article URL http://www.symantec.com/docs/TECH91729
Article Type
Technical Solution

Issue

You want to know what the default system-wide settings are for the Network Threat Protection Firewall in Symantec Endpoint Protection 11.

Symptoms
These are the default system-wide Network Threat Protection rules for Symantec Endpoint Protection. To find them, follow this procedure:

1. Log into the Symantec Endpoint Protection Manager.
2. Select Policies in the left-hand column.
3. Under View Policies, select "Firewall".
4. Double-click the "Firewall policy".
5. When the policy opens, select "Rules" in the left-hand column.

System-Wide Settings (15 default rules)
These are the default system-wide firewall rules.

Rule Name: Any Application (please note this rule only exists on unmanaged clients running RU5)
Enabled: NO
Severity: 5-Major
Application: Any
Host: Any
Time: Any
Service: Any
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic Log
Created At: Shared

Rule Name: Block IPv6
Enabled: YES
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: Ethernet [Protocol=0x86dd]
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic Log
Created At: Shared

Rule Name: Block IPv6 over IPv4 (Teredo)
Enabled: YES
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: UDP [Remote=3544]
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic Log
Created At: Shared

Rule Name: Block IPv6 over IPv4 (ISATAP)
Enabled: YES
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: IP:[41]
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic Log
Created At: Shared

Rule Name: Allow Fragmented Packets
Enabled: YES
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: IP:[Fragmented Packets]
Adapter: All Adapters
Screen Saver: Any
Action: Allow
Logging: None
Created At: Shared

Rule Name: Allow Wireless EAPOL
Enabled: YES
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: Ethernet:[Protocol=0x888e]
Adapter: All Adapters
Screen Saver: Any
Action: Allow
Logging: None
Created At: Shared

Rule Name: Allow MS Remote Access and Routing ARP Driver Any
Enabled: YES
Severity: 10-Minor
Application: wanarp.sys
Host: Any
Time: Any
Service: Any
Adapter: All Adapters
Screen Saver: Any
Action: Allow
Logging: None
Created At: Shared

Rule Name: Block Local File Sharing
Enabled: NO
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: TCP[Local=139,445]
UDP[Local=135,137,138]
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic Log
Created At: Shared

Rule Name: Block Remote Administration
Enabled: NO
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: TCP[Local=135]
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic Log
Created At: Shared

Rule Name: Allow All Applications
Enabled: YES
Severity: 10-Minor
Application: *
Host: Any
Time: Any
Service: Any
Adapter: All Adapters
Screen Saver: Any
Action: Allow
Logging: None
Created At: Shared

Rule Name: Allow ping, pong and tracert
Enabled: YES
Severity: 10-Minor
Application: Any
Host: Any
Time: Any
Service: ICMP [Type=0; incoming]
ICMP [Type=8; outgoing]
ICMP [Type=11; incoming]
Adapter: All Adapters
Screen Saver: Any
Action: Allow
Logging: None
Created At: Shared

Rule Name: Allow VPN
Enabled: YES
Severity: 5-Major
Application: Any
Host: Any
Time: Any
Service: VPN - - - PPTP
VPN - - - Check Point
VPN - - - NetScreen
VPN - - - Cisco 5000
VPN - - - Cisco 3000
VPN - - - Nortel
VPN - - - Aventail
Adapter: All Adapters
Screen Saver: Any
Action: Allow
Logging: None
Created At: Shared

Rule Name: Allow all other IP traffic
Enabled: YES
Severity: 15-Information
Application: Any
Host: Any
Time: Any
Service: IP:
Adapter: All Adapters
Screen Saver: Any
Action: Allow
Logging: None
Created At: Shared

Rule Name: Don't log broadcast and multicast traffic
Enabled: YES
Severity: 15-Information
Application: Any
Host: Local:FF-FF-FF-FF-FF-FF
Local: 224.0.0.0-239.255.255.255
Time: Any
Service: IP:
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: None
Created At: Shared

Rule Name: Block all other traffic
Enabled: YES
Severity: 15-Information
Application: Any
Host: Any
Time: Any
Service: IP:
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic Log
Created At: Shared



Legacy ID



2009010908394648

