Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Firewall - auto detect location

Created: 08 Jan 2008 • Updated: 21 May 2010 | 7 comments
I've been searching in the forums and KB but havent found an answer to my problem.
If you remember Firewall from XP SP2, you can configure it from GPO differente setings if its inside the domain and outside.
Im looking for a similar solution on the firewall component of SEP 11.
When the user is in office, the firewall must allow Filesharing (135,139) but outside an user is mostly on wi-fi or other dangerous internet connections, and i must block much more ports.
How do i this in SEP? Or cant i? It seems an obvious feature for a Business product but i cant find it.
Any help would be appreciated.
Thank you!

Comments 7 CommentsJump to latest comment

Tarsier's picture
There are firewall policies that you can set, but I've had problems with the rules not working when all components are installed.  Simple ICMP Pinging for example, doesn't seem to work whether enabled in rules or not, if "Network Threat Protection" is installed.  I have temporarily removed that from the install packages/configuration of all clients, then I re-enabled Windows firewalls (controlled by GPO).
Couldn't continue the role-out any other way.  If you need more detail about how to find the firewall rules, etc., check the Administration document.  It tells how to create a new rule and configure one.  There are quite a few settings to set and not all are what I would call "intuitive" based upon past experience.  Not as simple as most firewall setups where you just name a port & protocol and turn it on or off (blocking).
Good luck!

---------------- Things turn out best for the people who make the best of the way things turn out. -John Wooden-

JDobem's picture
Thanks Hugh, for sharing and taking the time.
Indeed i had a similar experience. I know of the firewall policies and have some configured after a lot of trouble. The problem is i need 2 policies, one that applies in office, and the other should apply on the road.
I dont see where and how i can tell SEP to do that, and it seems a feature that should be present. If even Windows Firewall does that, and if this solution expects to disable the firewall and do its chores, i should do even better not worse..
Any ideas? Any Symantec tech can shed some light ?
Paul Murgatroyd's picture

if you are using SEPM to configure your clients, then this is easily achievable - simply click Clients, then select the Group you want to administer. Click the policies tab and on the left you will see several options, two of which are:

Add Location
Manage Locations

Add Location will take you to the add location wizard which walks you through the steps required and allows you to specify a subset of the criteria available to determine your location. Manage Locations takes you to a "advanced" version which shows the full power of location awareness and gives you all the options.

From either of these you can create a location based on criteria you would find in the office, specific IP subnets, DNS lookup, connection to policy manager, etc. The other location you leave blank for its criteria and that will then be used for everywhere else - I'd also recommend you make the "everywhere else" location the default, to increase security.

If you aren't using the SEPM, then I'm afraid there isn't currently a way of configuring location awareness through the SEP Client GUI - you could potentially create these locations on a SEPM then export an installation package containing them though.

Post back if you need more information on anything covered here

Message Edited by Paul Murgatroyd on 01-09-2008 01:24 AM

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed:

JDobem's picture

Yes Paul, thank you.

Found it.

Sorry but it wasnt obvious and i didnt find it in the documentation.

Let's hope it works well.

Seems to have a lot of options, which is good.


SKlassen's picture
I use the location awareness portion for my update policy and it has worked quite well here.
thatdude's picture
I've got the location awareness working but I haven't figured out how to get it to notify the user when it changes states.  At the bottom of the location awareness setting you can configure if you would like to be notified when the location changes.
Anyone get this working?
susanthas-123's picture
Hi All,
I'm in the process of creating video clips for most of the "how-to-do" parts in SEP 11. I've created a video clip for location awareness feature also. If anyone prefer to obtain it please PM so Ic an upload and send a mail to you'll. In the same Time I'd like to Symantec to helpme out to make this successful so we can help most of our users liek this way.