Endpoint Protection

 View Only

  • 1.  Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 04:48 AM

    SEP 12.1 RU2.

     

    I've one group where I've withdrawn the firewall policy (component installed but policy withdrawn).

    I don't understand why I see, in that group, some clients with the firewall status reported as "disabled by policy" and others reported as "disabled".

    All those client rebooted after the installation, they have the correct (and the same) policy serial number, same OS type, they had not SEP before so no old communication settings and so on... simply I don't understand.

    Any idea?

     

     

    Thanks!



  • 2.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 04:51 AM

    Hi,

    Check this thread

    https://www-secure.symantec.com/connect/forums/121-ru2-disabling-windows-firewall



  • 3.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 04:55 AM

    Hi Ashish and thanks for the link.
    Even if the problem reported there is, potentially, a big issue I don't realize why different behaviour for my clients.

    I could understand both of them with firewall disabled or enabled for some reason, but different result...? This is my question mark.

     

    Thanks



  • 4.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 07:16 AM

    Its seems to me like its not Reporting properly,as two kind of Status for a Single Group with same prolicy. You should update the policy once again and check.



  • 5.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 08:50 AM

    Are all clients on the same version of SEP?



  • 6.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 10:00 AM

    Absolutely yes.

     

    Not only. They're deployed using the same exported setup.



  • 7.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 10:01 AM

    You mean, the policy update check performed by the clients at their heartbeat interval? Already passed.

    If you mean directly from the clients... I surely hope this is not necessary 'cause I can't do that (future vision) on all "strange" clients.



  • 8.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 10:02 AM

    Is it possible that on one of the clients someone right clicked the SEP icon and selected "Disable SEP"?



  • 9.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 12, 2012 12:00 PM

    Found it.

    If right click on client in SEPM and select disable NTP it will say disable by Policy.

    However if you withdraw the policy / disable from client it will just say "Disabled"



  • 10.  RE: Firewall status: "disabled" or "disabled by policy"... strange behaviour

    Posted Dec 17, 2012 07:19 AM

    I didn't send the command via console and the user did not disable it via client gui (I control both manager and clients in this phase).

    I cannot solve the problem itself so I've avoided it.

    I've reintroduced the firewall policy to the group with a top rule saying "allow-any-any".
    The firewall is now reported as "enabled" for every client.

    Not a solution, I know, but at least a uniform behavior.