Endpoint Protection Small Business Edition

  • 1.  Endpoint Protection Firewall and Hyper-V

    Posted Jun 06, 2016 04:19 AM

    Hopefully someone can help me figure this one out.

    We are having an issue with the firewall component of Endpoint Protection and networking on a Hyper-V virtual system.

    The setup is as follows:

    Windows Server 2012-R2 Server with 2 NICs, one used for server networking, the second is bound as a virtual switch for the virtual system.

    Hyper-V virtual PC running Windows 10 Professional.

    Endpoint Protection is installed on both.

    With the firewall enabled, the virtual PC can connect to the web, however loses access to the SQL database for our accounts package, and is no longer accessible via Remote Desktop Connection. Enabling a blank rule in the firewall policy (effectively disabling the firewall) restores all access.

    I have tried configuring a rule for the port used for the remote desktop, but this did not allow access.

    Is there perhaps a port I'm missing used by Hyper-V that is being blocked?



  • 2.  RE: Endpoint Protection Firewall and Hyper-V

    Posted Jun 06, 2016 08:05 AM

    After you configured the rule to allow access for the port, what was showing in the traffic log? Still blocked? What does the rule look like?



  • 3.  RE: Endpoint Protection Firewall and Hyper-V

    Posted Jun 07, 2016 06:23 AM

    Hi Brian

    I have been able to get the details from the rule and the blocks:

     

    Rule:
    Action - Allow
    Application - Any
    Host - Any
    Service - TCP (local 3391, remote 3391)
    Log - Write to traffic log
    Severity - 5
    Adapter - All
    Time - Any
    Screen Saver - Any

     

    Log:
    Client Affected
    Computer Name   
    Current: (Server Name)
    When event occurred: (Server Name)
    IP Address   
    Current: 10.0.0.2
    When event occurred: 10.0.0.201
    User Name: (network administrator account)
    Location Name: Default
    Domain Name: Default
    Group Name: My Company\Default Group
    Server Name: (Server Name)
    Site Name: My Site
     
    Risk Detected
    Event Time: 07/06/2016 11:08:50
    Begin Time: 07/06/2016 11:08:28
    End Time: 07/06/2016 11:08:37
    Occurrence: 3
    Event Type: TCP initiated
    Severity: Info
    Action: Blocked
    Application Name:  
    Network Protocol: TCP
    Traffic Direction: Inbound
    Remote IP: (external IP we are attempting access from)
    Remote Host Name:  
    Alert: 0
    Local Port: 3391
    Remote Port: 51223
    Rule Name: Block all other IP traffic and log

     

    I have also tried setting the firewall rule to allow traffic on all external TCP ports and to allow IP as a service, still being blocked with the same reasons.



  • 4.  RE: Endpoint Protection Firewall and Hyper-V

    Posted Jun 07, 2016 08:18 AM

    It's hitting the last rule in the stack because it didn't match any above it. Have you tried just allowing all traffic to that host?
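
Added example (not part of any reply in this thread, and not the product's code): a small first-match model for checking the connection from the traffic log in post 3 against the port conditions of the posted rule, to see which condition makes it fall through to the catch-all. It assumes a rule matches only when every condition that is set matches; the rule names other than the catch-all, and the local-port-only variant, are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "Allow" or "Block"
    protocol: Optional[str] = None     # None means "Any"
    local_port: Optional[int] = None
    remote_port: Optional[int] = None

def mismatches(rule, conn):
    """Return the conditions of `rule` that `conn` fails (empty list = match)."""
    return [field for field in ("protocol", "local_port", "remote_port")
            if getattr(rule, field) is not None
            and getattr(rule, field) != conn[field]]

def evaluate(rules, conn):
    """First-match evaluation: (action, rule name) of the first matching rule."""
    for rule in rules:
        if not mismatches(rule, conn):
            return rule.action, rule.name
    return "Block", "(no rule matched)"

# Connection as recorded in the traffic log in post 3.
BLOCKED_CONN = {"protocol": "TCP", "direction": "Inbound",
                "local_port": 3391, "remote_port": 51223}

# Catch-all name taken from the log's "Rule Name" field.
CATCH_ALL = Rule("Block all other IP traffic and log", "Block")

# Service condition as posted: TCP, local 3391, remote 3391.
AS_POSTED = [Rule("Allow 3391 (as posted)", "Allow", "TCP", 3391, 3391),
             CATCH_ALL]

# Hypothetical variant for comparison: remote port left as "Any".
LOCAL_ONLY = [Rule("Allow 3391 (local port only)", "Allow", "TCP", 3391),
              CATCH_ALL]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("local only", LOCAL_ONLY)):
        print(label, "->", evaluate(rules, BLOCKED_CONN),
              "| failed conditions on first rule:",
              mismatches(rules[0], BLOCKED_CONN))
```

The poster reports in post 3 that widening the rule to all external TCP ports still produced the same block, so this model covers only the service (protocol and port) conditions of the rule, not the adapter, host or policy-delivery side.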



  • 5.  RE: Endpoint Protection Firewall and Hyper-V

    Posted Jun 14, 2016 07:39 AM

    Hi Brian

    While I could allow all traffic, ultimately the user wants the firewall in place to protect the systems from unwanted traffic that they haven't chosen to allow.



  • 6.  RE: Endpoint Protection Firewall and Hyper-V

    Broadcom Employee
    Posted Jun 27, 2016 11:14 AM

    What are the SEPM & SEP client versions? Could you share the traffic logs from the affected machine?