
Edit firewall policy if management server is unavailable in DR situation

Created: 14 Nov 2013 • Updated: 14 Nov 2013 | 3 comments

I am providing support for several different clients on a few different domains, but all are controlled by the same management server.  Some of the clients are utilizing the SEPM firewall settings to allow or deny access across the network. 

In a disaster situation, I can configure location awareness to receive live updates of the virus definitions from the internet, but how would I update the firewall policies if the management server is not available?

I know there is a policy export / import feature, but could we export the existing policy, edit the policy manually and re-import it directly to the client?

Or would it be best to simply uninstall the software until a new management server is available?

Since there is one management server spanning four domains, setting up a replication partner is not possible.

Any suggestions are welcome.


Brɨan's picture

What you can do is export the firewall policy in the SEPM. It will be saved with a .dat extension. Rename it to .zip and open it up. There will be a main.xml file in there which you can edit.

Now, I wouldn't recommend editing this unless you know what you're doing. It's definitely not supported.

Once done, you can import the xml file into the client.

Best case scenario here is to add another setup for failover.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
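
A pre-import check for the manual edit described in the comment above, as an added example that is not part of the original thread or of Symantec's tooling: it reads main.xml out of the exported .dat (opened as a zip archive, as the comment describes), confirms the edited copy is still well-formed XML, and lists the changed lines for review. The sample policy and its element names are constructed placeholders, not the real SEPM schema.

```python
import difflib
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET


def read_main_xml(dat_bytes: bytes) -> bytes:
    """Return main.xml from an exported policy; the .dat is opened as a zip."""
    with zipfile.ZipFile(io.BytesIO(dat_bytes)) as archive:
        names = [n for n in archive.namelist() if n.lower().endswith("main.xml")]
        if len(names) != 1:
            raise ValueError(f"expected exactly one main.xml, found {names}")
        return archive.read(names[0])


def review_edit(original: bytes, edited: bytes) -> dict:
    """Check that the edited file still parses and summarise what changed."""
    try:
        ET.fromstring(edited)
        well_formed = True
    except ET.ParseError:
        well_formed = False
    diff = list(difflib.unified_diff(
        original.decode("utf-8", "replace").splitlines(),
        edited.decode("utf-8", "replace").splitlines(),
        "main.xml (exported)", "main.xml (edited)", lineterm=""))
    # diff[0:2] are the ---/+++ file headers; keep only added/removed lines.
    changed = [line for line in diff[2:] if line.startswith(("+", "-"))]
    return {"well_formed": well_formed,
            "sha256_original": hashlib.sha256(original).hexdigest(),
            "sha256_edited": hashlib.sha256(edited).hexdigest(),
            "changed_lines": changed}


def build_sample_dat() -> bytes:
    """Constructed stand-in for an exported policy (element names are made up)."""
    xml = (b'<?xml version="1.0" encoding="UTF-8"?>\n<Policy>\n'
           b'  <Rule name="allow-dns" action="allow"/>\n</Policy>\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("main.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    original = read_main_xml(build_sample_dat())
    edited = original.replace(b'action="allow"', b'action="block"')
    print(review_edit(original, edited))
```

Keeping the two hashes and the changed lines with the change record makes it possible to tell later which edited copy was imported on a client.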

greg12's picture

If I understand you correctly, you have a special location for SEPM failure. Why don't you switch this location to Client Control? Then users are able to manage their firewall rules independently from SEPM.

Alternatively, you could define a sort of "disaster firewall policy" in your backup location.