Endpoint Protection

  • 1.  Disabling SEP firewall

    Posted Mar 06, 2009 01:09 PM

    I have just upgraded to Symantec endpoint 11.4014.26 and was wondering if anyone knew the effects of disabling the firewall policy that gets assigned during the installation of Network Threat Protection?  Essentially, I only wanted to take advantage of the Application and Device control feature, but got stuck with Network Threat Protection and its Firewall and Intrusion prevention policies.  My first thought is that I could just disable these two policies and Network Threat Protection would not restrict traffic from entering or leaving our network, but I wasn't sure if by disabling these policies (firewall/Intrusion) that Network Threat Protection defaults to a standard set of rules in which some traffic is restricted.  If I could just disable Network Threat Protection and keep the Application and Device control policy enabled I would, but even if you disable NTP from the SEP management console it will be re-enabled on my clients after they perform their scheduled reboot during Windows updates.  Any help with this problem would be greatly appreciated.  Thanks to all.

     

    Bob



  • 2.  RE: Disabling SEP firewall

    Posted Mar 06, 2009 01:37 PM

    Simply withdraw the policy in the SEPM.  That has the effect of putting the firewall component into "passthrough" mode and it will allow all traffic.

    I would recommend you keep IPS running though, with a standard policy in place, since the new engine is providing great protection against some of the latest threats doing the rounds - take a look here for more info why: https://www-secure.symantec.com/connect/articles/so-what-krypton-anyway



  • 3.  RE: Disabling SEP firewall

    Posted Mar 06, 2009 02:09 PM

    Simply withdraw the policy in the SEPM.  That has the effect of putting the firewall component into "passthrough" mode and it will allow all traffic.

    I would recommend you keep IPS running though, with a standard policy in place, since the new engine is providing great protection against some of the latest threats doing the rounds - take a look here for more info why: https://www-secure.symantec.com/connect/articles/so-what-krypton-anyway

    Paul Murgatroyd
    Senior Regional Product Manager, Enterprise Security Group, Symantec

     

    Paul, I will certainly look into keeping IPS running and thank you for such a quick response.

    Bob



  • 4.  RE: Disabling SEP firewall

    Posted Feb 25, 2010 12:32 PM
    With the infrequency of network viruses in a properly configured network, combined with the SEPM interface and the commonality of private network applications, I think having a software-borne firewall located on each and every workstation and server on a network is
    A) 100 times overkill
    B) Increases network overhead
    C) Increases administrative overhead
    D) Causes 100 times more problems than it solves.. if the number is as LOW as 100. 

    Just saying.