Symanec Protection Suites

 View Only

  • 1.  Does Endpoint Protection 2013 have central firewall logging?

    Posted Oct 04, 2012 05:23 PM

    We're looking at evaluating endpoint protection products and during our eval we have a need to put the firewall in logging mode and have it report back centrally to the admin interface so that we can see what has been blocked (incoming/outgoing) or allowed on certain machines.

     

    It doesn't appear that MS FEP can do this (firewall logs seem to be stored locally on the machine).

    Same thing with McAfee HIPS (firewall logs are located on the machine itself)

    Anyone know if Symantec's product can log these back to the admin interface (in the database of course) so that you don't have to manually fetch them from each machine?

     



  • 2.  RE: Does Endpoint Protection 2013 have central firewall logging?



  • 3.  RE: Does Endpoint Protection 2013 have central firewall logging?

    Broadcom Employee
    Posted Oct 04, 2012 10:23 PM

    the SEPM console manages the firewall rules for managed clients. The logging/block/allow (actions) can be set here.

    Once the client gets the policy considering you have set the rules to log, during the client heartbeat the client upload it's logs which will have the logged details.

     



  • 4.  RE: Does Endpoint Protection 2013 have central firewall logging?
    Best Answer

    Broadcom Employee
    Posted Oct 04, 2012 10:29 PM

    hope this helps

    Symantec Endpoint Protection Manager - Firewall - Policies explained

    http://www.symantec.com/business/support/index?page=content&id=TECH181701



  • 5.  RE: Does Endpoint Protection 2013 have central firewall logging?

    Posted Oct 05, 2012 09:17 AM

    Thanks Pete, that does appear to do what we would want it to do.