firewall - policy disabled, clients status says enabled
Updated: 23 May 2010 | 7 comments
This issue has been solved. See solution.
At our office we don't want to use the SEP firewall, so I disabled the policy for the firewall in the SEPM. I thought this was adequate, but I notice that if I look at the Clients tab in the SEPM and view the Protection technology list, under Firewall Status it's listed as "Enabled" for all clients.
With this conflicting information, I can't tell if the firewall is enabled or disabled. Can anyone clarify?
And if it is enabled, how do I properly disable it?
Comments
Policy Vs. Feature
I think here we have ONLY disabled the POLICY for Firewall (NTP) which is just a medium to manage SEP Firewall on clients...
If you plan > not to use the firewall > change in the Install Package is required...
Create an Install Package without NTP and deploy the same to the client > which should result in a SEP CLIENT install without firewall (NTP)
Thanks :-)
Kedar Mohile http://kedarmohile.blogspot.com
Is the firewall the only
Is the firewall the only component of Network Threat Protection? I was under the impression there was more to it than that.
Also, the thought of redeploying 550 clients right after we've basically just finished getting them installed across the company is downright frightening.
NTP
NTP is firewall and IPS Detection.
It is advised to have NTP installed.
Firewall is all policy based, so if you set a policy to allow everything, it means that you are just disabling the firewall. It won't actually say it is disabled, but it means the same.
But the IPS feature is the real security feature that is a must-have feature. That will block all unwanted known network attacks.
If you want it to not block any traffic but just inform you and the user that something wrong is going on, even that can be done: you can set the IPS rules to log rather than block.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Disabling the policy does not turn off the firewall.
There are 2 options here for 'disabling' the firewall:
1. Assign an install package to your group that does not include that component (the existing clients will adjust components without needing to re-install).
Symantec Endpoint Protection: How to remove Network Threat Protection and Email Tools through the Symantec Endpoint Protection Manager.
http://service1.symantec.com/SUPPORT/ent-security....
2. Re-enable the firewall policy, but first add an 'allow all' rule to the top of the list of rules inside the policy.
Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
http://service1.symantec.com/SUPPORT/ent-security....
Of the two, the second gives you greater security, as was mentioned before, because you still get IPS working for you.
Think before disabling NTP
Jeremy is right; you can follow his steps to disable the firewall (NTP).
But Vikram's advice is excellent; you should consider his advice before disabling.
Regards...
Ramji Iyyer
You'll lose application and
You'll lose the application and device control feature as well if you do not include the NTP feature. You'll realise that while creating packages. When you deselect NTP, Application and Device Control will become disabled.
SEPM will list it as enabled, meaning that it is installed and ready. So policy withdrawal will not disable it, since some other functionality depends on it, as others say.
Is there a problem with the firewall? What is the main reason you don't want it?
Best regards,
Bekir Burak Durmaz
Sorry for the slow reply,
Sorry for the slow reply, just got back from vacation. I think we're going to go with Vikram's recommendation (equal to Jeremy's option 2) and just set the firewall policy to allow all, and keep the other components working.
The reason we don't want the Symantec firewall is that we already have an extensive corporate firewall system set up that we're happy with, and we don't really need to add a second one, nor do we want to spend the time troubleshooting possible conflicts between the two systems if we try to manage them both.