Firewall Exception on Managed client
I am having trouble using the email feature of Shadow Protect on a client. I know that my SMTP Email server is working and the server responds to the Shadow Protect email test by connecting, but the response from the SMTP is lost. I'm pretty sure the port is getting blocked by my firewall on the client.
How do I create a firewall exception for this client if it is managed?
Is it possible to make this exception specific for this client?
Hello JerryF,
If you want to create a firewall rule which affects only this one managed client, you have two options.
- Put this client in a unique group in the SEPM and then apply your customized firewall policy to only this group.
- Add a customized firewall rule to the client itself (as opposed to adding the rule to the policy in the SEPM.)
I am going to assume you will want option 2 and will provide instructions for that. If you need something different, let me know. I am also going to assume you are using SEP 11.0.x (as opposed to SEP 12.1), since you were not specific.
By default, a managed SEP client will not allow a user to create their own firewall policies from within the SEP client GUI. You will need to change the client interface control settings from within the SEPM to give yourself permission to modify the client-side firewall rules. Follow these steps:
- Log in to the SEPM
- Click Clients
- Select the group that your client is in
- Click Policies (the tab at the top)
- Remove policy inheritance (checkbox at top) if necessary
- Expand Location-specific Settings
- Click Server Control (it will open a new dialog box)
- Select Client control from the list
- Click OK
- Wait for the SEP client to pick up the policy change. (You can speed this up by right-clicking the SEP system tray icon on the client and clicking Update Policy.)
After you have made this change, you can now modify the client-side firewall rules using the following steps.
- Double-click the SEP system tray icon
- Click Options next to Network Threat Protection
- Click Configure Firewall Rules...
- Click Add
- Fill out the rule information as you see fit and click OK.
I suggest creating an Allow All rule (which, as the name suggests, allows all network traffic in or out of the box) and bumping it to the top of the rule list in order to confirm that this fixes the problem. If an allow all rule does NOT fix the problem, then any more specific rule (i.e., restricted to a certain port, protocol, or application) most certainly won't fix it either. Thus, testing the allow all rules can save you some time in the end.
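A check to run on the client before and after the test rule is in place, added here as an example and not part of the original thread: it separates "the TCP connection never completes" from "the connection completes but the SMTP greeting never arrives", which is the symptom described in the question. The function name `probe_smtp` and its result labels are made up for this example, and port 25 is an assumed default; use the host and port that Shadow Protect is configured to send through.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=5.0):
    """Return (status, banner) describing how far an SMTP session gets.

    status is one of:
      "connect_failed" - TCP handshake did not complete (outbound traffic
                         blocked, wrong host/port, or server down)
      "no_banner"      - connected, but no greeting arrived before the
                         timeout or the connection dropped first
      "unexpected"     - data arrived, but it was not a 220 greeting
      "ok"             - the server's 220 greeting reached this client
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "connect_failed", ""

    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(512)  # an SMTP server speaks first
        except OSError:  # includes socket.timeout and connection resets
            return "no_banner", ""

    if not data:  # peer closed without sending anything
        return "no_banner", ""

    banner = data.decode("ascii", "replace").strip()
    return ("ok" if banner.startswith("220") else "unexpected"), banner


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe_smtp.py HOST [PORT]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25  # assumed default
    status, banner = probe_smtp(sys.argv[1], target_port)
    print(status, banner)
    sys.exit(0 if status == "ok" else 1)
```

If the result changes from `no_banner` or `connect_failed` to `ok` once the test rule is at the top of the list, the client firewall was the cause, and the same check confirms that a narrower replacement rule still lets the greeting through.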