Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Firewall Status Mix Up 12.1RU4

Created: 04 Feb 2014 • Updated: 04 Feb 2014 | 9 comments

Dear community

I recently noticed that the clients on our network seem to have a total mix up in means of firewall status:pic57_anon.jpg
 

All the clients and the back end are running on version 12.1.4013.4013.
This seems strange to me due to several reasons:

  1. Since all of the clients are on the same network and actually do not have any firewall policy attached to their locations.
  2. In another environment, where the clients and back end are running on version 12.1.1101.401, the firewall status of each client is shown as "Enabled".
  3. Both environments are set up identically in terms of Locations, communication settings and policy assignments.
  4. All of the clients affected have been set up from scratch, no migrations.

I have seen various other posts on this already:

But none of them has been concerning the version 12.1.4013.4013.
In other words, is there anything that can be done except searching and hoping? Or am I just missing something?

At least it looks like there has been some other community member with a similar behaviour:
https://www-secure.symantec.com/connect/forums/sep...

I see that a support case has been his marked solution. Is there any knowledge for the public on this one?

Any assistance is welcome :)

Cheers
 

Operating Systems:

Comments 9 CommentsJump to latest comment

.Brian's picture

Do some machines have a the fw component installed but not in use? Or do none have the component installed?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

If right click on client in SEPM and select disable NTP it will say disable by Policy.

However if you withdraw the policy / disable from client it will just say "Disabled"

can you check on the client by opening SEP and checking if NTP is disabled. You might have given full permission to client interface where the user can disable the component.. just double check it

flutti's picture

Hi and thanks for the replies!

@ _Brian:
The component is installed on each client, but has no policy assigned. Hence it is not active.

@ Rafeeq:
At least I did not send any command to disable NTP via SEPM.
Since I'm not in the office anymore, I will check tomorrow at a client that shows "Disabled by Policy".
In the end, what I don't understand is the mixed status of the components on each client. This is what confuses me and really holds me back from upgrading the 12.1.1 environment to 12.1.4 frown

But then again, does it make sense at all, that on the environment with 12.1.1 SEPM and clients (configuration all the same, except the release version of SEPM and clients) all show "Enabled"?

Rafeeq's picture

For  the client which is showing as disabled. From SEPM , right click and select Enable NTP, does it make any difference...and also please check if your clients are in server mode or mixed or client control mode.

SameerU's picture

Hi

Can you check randomly at some client whether the firewall component is disable

Regards

flutti's picture

@ Rafeeq:
Clients are all in Server Control and set to Pull.
After enabling NTP via right-click on the client, no change appears to happen.

@ SameerU:
I checked with administrative rights on three clients with version 12.1.4013.4013 with SEPM status "Disabled by Policy". The firewall is not enabled:sep12-02.JPG

On clients with version 12.1.1101.401, I checked the same. The component is enabled:sep12-03.JPG

It's confusing - Am I missing something there?
 

pete_4u2002's picture

whats the SEPM version did you say?

check if the clients are part of different locations within the group.

Rafeeq's picture

So the report on SEPM is correct then.. The policy is not enabled so its saying disabled by policy

Can you cross check the serial number on the client and sepm.. Just do a update policy after enabling it from SEPM. 

http://www.symantec.com/business/support/index?page=content&id=HOWTO55604

flutti's picture

@ pete_4u2002:
The SEPM version in question is 12.1.4013.4013
All the clients are in the same location which is called "Internal".

@ Rafeeq:
It seems that the report ia correct, indeed. Still, it makes not really sense to me.
Why it makes no sense:

  • Users cannot manipulate anything in the settings of the local SEP client;
  • All the clients are in the same location and therefore are retrieving the same policies,;
  • The policy sets on both of the environments (12.1.4013.4013 and 12.1.1101.401) are the same.

Policy Set 12.1.1101.401:

pic60_anon.jpg

Policy set 12.1.4013.4013:

pic59_anon.jpg

As told, all the clients we're talking about are in the location "Internal".