About Windows Firewall and Symantec Endpoint Protection's NTP

Article:TECH97986  |  Created: 2009-01-08  |  Updated: 2011-02-11  |  Article URL http://www.symantec.com/docs/TECH97986
Article Type: Technical Solution


Issue



For added protection, should both Windows Firewall and SEP's Network Threat Protection (NTP) be used on a computer?


Solution



Best Practice
Run only one software firewall on a computer. Two firewalls that run on one computer at the same time can drain resources, and their rules might conflict with each other, so enabling more than one firewall program is likely to result in conflicts and poor performance.

To prevent this situation, SEP's installer automatically detects Windows Firewall and disables it if it is enabled. The exception is a custom install package that does not include NTP: if the Symantec firewall is not included in the install, an active Windows Firewall will not be disabled during install.


Using Windows Firewall with SEP's IPS or ADC Features
It is acceptable to have both Windows Firewall and SEP's NTP component installed on one computer, so long as only one of the firewalls is enabled and acting on the network traffic. One circumstance in which customers may wish to implement such a solution is if Windows Firewall is being used for firewall protection and the IPS (Intrusion Prevention System) components of SEP are desired. (To use IDS/IPS, NTP must be installed but NTP does not need to be monitoring traffic.) This is also the case for SEP's Application and Device Control (ADC): to use ADC, NTP must be installed, though it does not need to be monitoring traffic.

In these cases, NTP's Firewall policy must be completely withdrawn so that it is in pass-through mode. To withdraw the firewall policy:

  1. In the console, click Policies.
  2. On the Policies page, under View Policies, click Firewall Policies.
  3. In the Firewall Policies pane, click the specific policy that you want to withdraw.
  4. On the Policies page, under Tasks, click Withdraw the Policy.
  5. In the Withdraw Policy dialog box, check the groups and locations from which you want to withdraw the policy.
  6. Click Withdraw.
  7. When you are prompted to confirm the withdrawal of the policy from the groups and locations, click Yes.
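To confirm on a client that only one firewall is acting on network traffic, the following added example (not from the Symantec article) reports the Windows Firewall profile states next to the firewall products registered with Windows Security Center. It assumes Windows 8 / Server 2012 or later for `Get-NetFirewallProfile`, a client edition of Windows for the `root/SecurityCenter2` namespace, and the widely used but undocumented reading of `productState` in which the 0x1000 nibble set to 1 means "enabled"; the function name `Get-FirewallOverlap` is hypothetical.

```powershell
# Added example: audit a host for the "two active software firewalls" condition.
function Get-FirewallOverlap {
    # Windows Firewall keeps one Enabled flag per profile (Domain, Private, Public).
    # ActiveStore is the effective policy after Group Policy has been applied.
    $profiles  = Get-NetFirewallProfile -PolicyStore ActiveStore
    $wfEnabled = @($profiles | Where-Object { $_.Enabled -eq 'True' })

    # Firewall products registered with Windows Security Center.
    # The namespace is absent on server editions, so errors are silenced
    # and the list is simply empty there.
    $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                    -ClassName FirewallProduct -ErrorAction SilentlyContinue |
                  Where-Object { $_.displayName -notlike 'Windows*' })

    # ASSUMPTION: productState is undocumented. By common convention the
    # nibble at bits 12-15 is 1 when the product reports itself enabled.
    $tpEnabled = @($products | Where-Object {
        (($_.productState -shr 12) -band 0xF) -eq 1
    })

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        WindowsFirewallProfilesOn = ($wfEnabled.Name -join ', ')
        RegisteredFirewalls       = ($products.displayName -join ', ')
        RegisteredFirewallsOn     = ($tpEnabled.displayName -join ', ')
        # True when Windows Firewall is on for at least one profile AND a
        # registered third-party firewall also reports itself as enabled.
        Overlap                   = ($wfEnabled.Count -gt 0) -and ($tpEnabled.Count -gt 0)
    }
}

Get-FirewallOverlap | Format-List
```

The article does not say how SEP reports a withdrawn firewall policy to Security Center, so treat `Overlap = True` as a prompt to check the firewall status in the SEP client itself rather than as proof of a conflict.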











Legacy ID



2009120816110248

