
Controlling network traffic on a special-purpose machine using the SEP firewall

Created: 10 Sep 2013 • Updated: 10 Sep 2013 | 8 comments
By .Brian

From time to time, a requirement comes down the pipeline in which a machine with a "special" purpose needs to be connected to the internal network. The requirements are as follows:

  • No ability to "ping" the machine
  • No inbound traffic allowed
  • Only one IP address is allowed to access this machine via port 3389 for remote administration

Meeting the above requirements can be accomplished using the SEP firewall. For the purpose of this article, I'm using SEP 12.1 RU3.

Here's a screenshot of the three firewall rules created to accomplish our goal:

[Screenshot: the three rules, Block Ping, Allow Remote Administration and Block Incoming Traffic]

To test the first rule, Block Ping, we can verify the block with a simple Nmap scan:

[Screenshot: Nmap output confirming the ping is blocked]

The Traffic log from the SEP firewall also verifies the ping attempt is blocked:

[Screenshot: SEP Traffic log entry for the blocked ping]

Next, we can test the second rule, Allow Remote Administration, by opening an RDP session to the machine from the allowed IP address. The Traffic log from the SEP firewall also confirms this is working:

[Screenshot: SEP Traffic log entry for the allowed RDP connection]

Now, I did an Nmap scan from the allowed IP address to confirm port 3389 is open, which it is:

[Screenshot: Nmap scan from the allowed IP address showing port 3389 open]

I also did an Nmap scan from a disallowed IP address to confirm port 3389 is closed, which it is:

[Screenshot: Nmap scan from a disallowed IP address showing port 3389 closed]

Lastly, we can test the third rule, Block Incoming Traffic, by attempting to connect to a share on the machine. Access is denied:

[Screenshot: access denied when connecting to a share on the machine]

The Traffic log from the SEP firewall also confirms the block was successful:

[Screenshot: SEP Traffic log entry for the blocked share connection]
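The three rules only produce the intended result because they are evaluated in order and the first match wins: the RDP allow has to sit above the blanket inbound block. The following model is an added example, not SEP's own engine or rule format; it evaluates constructed sample traffic against an ordered rule list and shows the policy behaving as the tests above do, plus what happens if the last two rules are swapped. The addresses (192.0.2.10 as the allowed admin host, 203.0.113.5 as another host) and the allow-by-default fallback for traffic no rule matches are assumptions of this model.

```python
"""Ordered, first-match model of the article's three SEP firewall rules.

Added example: this is a simulation, not SEP's rule engine. The admin IP,
the other sample addresses and the allow-by-default fallback are constructed
assumptions used only to exercise the rule ordering.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

ADMIN_HOST = "192.0.2.10"  # constructed: the single IP allowed to RDP in


@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" or "out", from the protected machine's view
    proto: str                      # "icmp", "tcp" or "udp"
    remote_ip: str                  # the other end of the connection
    dport: Optional[int] = None     # destination port for tcp/udp
    icmp_type: Optional[int] = None  # 8 = echo request (a "ping")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "allow" or "block"
    direction: Optional[str] = None  # None means "any" for every field below
    proto: Optional[str] = None
    remote_ip: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """A rule matches when every field it specifies equals the packet's."""
        for want, got in ((self.direction, p.direction), (self.proto, p.proto),
                          (self.dport, p.dport), (self.icmp_type, p.icmp_type)):
            if want is not None and want != got:
                return False
        if self.remote_ip is not None and ip_address(self.remote_ip) != ip_address(p.remote_ip):
            return False
        return True


# The article's rules, in the order they must be evaluated.
POLICY: List[Rule] = [
    Rule("Block Ping", "block", direction="in", proto="icmp", icmp_type=8),
    Rule("Allow Remote Administration", "allow", direction="in", proto="tcp",
         remote_ip=ADMIN_HOST, dport=3389),
    Rule("Block Incoming Traffic", "block", direction="in"),
]

# Same rules with the last two swapped: the blanket block now shadows the RDP allow.
MISORDERED: List[Rule] = [POLICY[0], POLICY[2], POLICY[1]]


def evaluate(policy: List[Rule], packet: Packet, default: str = "allow") -> Tuple[str, str]:
    """Return (action, rule name) for the first matching rule.

    Traffic that matches no rule gets `default`; allow-by-default is an
    assumption of this model so that the host's own outbound traffic passes,
    as the article's author notes it does.
    """
    for rule in policy:
        if rule.matches(packet):
            return rule.action, rule.name
    return default, "default"


def run_checks(policy: List[Rule]) -> List[Tuple[str, str, str]]:
    """Replay the article's tests as constructed packets against a policy."""
    samples = [
        ("ping from any host", Packet("in", "icmp", "203.0.113.5", icmp_type=8)),
        ("RDP from the allowed IP", Packet("in", "tcp", ADMIN_HOST, dport=3389)),
        ("RDP from a disallowed IP", Packet("in", "tcp", "203.0.113.5", dport=3389)),
        ("SMB share from the allowed IP", Packet("in", "tcp", ADMIN_HOST, dport=445)),
        ("outbound HTTPS from the host", Packet("out", "tcp", "198.51.100.20", dport=443)),
    ]
    return [(label, *evaluate(policy, pkt)) for label, pkt in samples]


if __name__ == "__main__":
    for title, pol in (("correct order", POLICY), ("misordered", MISORDERED)):
        print(f"== {title} ==")
        for label, action, rule in run_checks(pol):
            print(f"{label:32} -> {action:5} ({rule})")
```

Running it prints the five checks twice; with the correct order only the RDP session from the allowed IP is permitted inbound, while with the swapped order that session is blocked by Block Incoming Traffic before the allow rule is ever reached.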

The SEP firewall is a great tool and has endless possibilities for controlling traffic on your network. The aim of this article was to give you a small snapshot into what is possible using the firewall. I hope this is helpful to you. Please feel free to leave feedback, whether positive or negative.

Comments (8)

SebastianZ:
Very practical walkthrough. Thanks for sharing.

SUPPORT-2-SUPPORT:
Good one....

Regards,

S2S

Please don't forget to mark your thread solved with whatever answer helped you.

flyer41:
Would your line 3 not block outbound traffic?

If this was not a requirement,

you may set the service to IP incoming, if this was not changed from version 11.

.Brian:
Not from the host.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Samir-Ahmed:
Does anybody have material on how to check and analyse the SEP firewall logs?

.Brian:
Enable TSE Debugging per this article:

http://www.symantec.com/docs/TECH102412

batuhancalin:
Thanks so much, Brian.

This was one of our customers' requests.

Best Regards.

Batuhan

.Brian:
Awesome, happy to help!
