Endpoint Protection

  • 1.  Firewall Status Mix Up 12.1RU4

    Posted Feb 04, 2014 09:39 AM

    Dear community

    I recently noticed that the clients on our network seem to have a total mix-up in terms of firewall status: pic57_anon.jpg
     


    All the clients and the back end are running on version 12.1.4013.4013.
    This seems strange to me due to several reasons:

    1. Since all of the clients are on the same network and actually do not have any firewall policy attached to their locations.
    2. In another environment, where the clients and back end are running on version 12.1.1101.401, the firewall status of each client is shown as "Enabled".
    3. Both environments are set up identically in terms of Locations, communication settings and policy assignments.
    4. All of the clients affected have been set up from scratch, no migrations.

    I have seen various other posts on this already:

    But none of them has been concerning the version 12.1.4013.4013.
    In other words, is there anything that can be done except searching and hoping? Or am I just missing something?

    At least it looks like there has been some other community member with a similar behaviour:
    https://www-secure.symantec.com/connect/forums/sep-firewall-status

    I see that a support case has been marked as his solution. Is there any knowledge for the public on this one?

    Any assistance is welcome :)

    Cheers
     



  • 2.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 04, 2014 03:22 PM

    Do some machines have the fw component installed but not in use? Or do none have the component installed?



  • 3.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 04, 2014 03:34 PM

    If you right-click on the client in SEPM and select Disable NTP, it will say "Disabled by Policy".

    However, if you withdraw the policy / disable from the client, it will just say "Disabled".

    Can you check on the client by opening SEP and checking if NTP is disabled? You might have given full permission to the client interface, where the user can disable the component. Just double-check it.



  • 4.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 04, 2014 04:20 PM

    Hi and thanks for the replies!

    @ _Brian:
    The component is installed on each client, but has no policy assigned. Hence it is not active.

    @ Rafeeq:
    At least I did not send any command to disable NTP via SEPM.
    Since I'm not in the office anymore, I will check tomorrow at a client that shows "Disabled by Policy".
    In the end, what I don't understand is the mixed status of the components on each client. This is what confuses me and really holds me back from upgrading the 12.1.1 environment to 12.1.4 :(

    But then again, does it make sense at all, that on the environment with 12.1.1 SEPM and clients (configuration all the same, except the release version of SEPM and clients) all show "Enabled"?



  • 5.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 04, 2014 08:18 PM

    For the client which is showing as disabled: from SEPM, right-click and select Enable NTP. Does it make any difference? Also, please check if your clients are in server mode, mixed, or client control mode.



  • 6.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 04, 2014 10:49 PM

    Hi

    Can you check randomly at some client whether the firewall component is disabled?

    Regards

     



  • 7.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 05, 2014 04:13 AM

    @ Rafeeq:
    Clients are all in Server Control and set to Pull.
    After enabling NTP via right-click on the client, no change appears to happen.

    @ SameerU:
    I checked with administrative rights on three clients with version 12.1.4013.4013 with SEPM status "Disabled by Policy". The firewall is not enabled: sep12-02.JPG

    On clients with version 12.1.1101.401, I checked the same. The component is enabled: sep12-03.JPG

    It's confusing - Am I missing something there?
     



  • 8.  RE: Firewall Status Mix Up 12.1RU4

    Broadcom Employee
    Posted Feb 05, 2014 04:16 AM

    What's the SEPM version, did you say?

    Check if the clients are part of different locations within the group.



  • 9.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 05, 2014 04:23 AM

    So the report on SEPM is correct then. The policy is not enabled, so it's saying disabled by policy.

    Can you cross-check the serial number on the client and SEPM? Just do an update policy after enabling it from SEPM.

    http://www.symantec.com/business/support/index?page=content&id=HOWTO55604



  • 10.  RE: Firewall Status Mix Up 12.1RU4

    Posted Feb 05, 2014 04:57 AM

    @ pete_4u2002:
    The SEPM version in question is 12.1.4013.4013
    All the clients are in the same location which is called "Internal".

    @ Rafeeq:
    It seems that the report is correct, indeed. Still, it does not really make sense to me.
    Why it makes no sense:

    • Users cannot manipulate anything in the settings of the local SEP client;
    • All the clients are in the same location and therefore are retrieving the same policies;
    • The policy sets on both of the environments (12.1.4013.4013 and 12.1.1101.401) are the same.

    Policy Set 12.1.1101.401:

    pic60_anon.jpg

    Policy set 12.1.4013.4013:

    pic59_anon.jpg

    As told, all the clients we're talking about are in the location "Internal".