Endpoint Protection

I am trying to download drivers fromt he HP website, and the SEP firewall is blocking the download. When you try to downlaod on the client, an FTP request to an alternative port, that changes on each attempt, is sent to three different domains that HP uses. I haev tried setting a host file group with the three domains, and allowing any TCP request to any of those three domains, but I keep getting snagged by the built-in rule "Block all other IP traffic and log"

Any one got any ideas?
 

What does your traffic log show is the exact traffic being blocked? Can you post a snippet here?

You should add a rule to allow it

check this discussion

https://www-secure.symantec.com/connect/forums/older-sep-1106-allow-all-other-ip-traffic-firewall-rule

Hi,

So we are sure Symantec firewall is blocking the traffic.

Couple of things you can do .

1) Create exception for those URL and allow everything for them.

2) Create exception for the port numbers. for FTP you can create exception for port 21 & 22.

You can post the traffic log & packet log file so that we can help you out with the exact firewall rule.

Hi

What is the version of SEP client ?

Regards

Sorry for not returning the replies. I was able to resolve the issue later that night. It was being blocked (Saw the block in the logs), could not white list the URL, as the link woudl hand it off to other domains, and woudd switch protocols, and ports. (woudl switch from HTTP to FTP, on a very high dynamic port. [40,000 range])

Do not want to explicitlly allow all traffic outbound. Was trying to set up better egress rules. IN the end we decided to allow TCP outbound on firefox and chrome. I know this is not necessarily a good rule, but it will block most things.