
Firewall policy

Created: 07 Mar 2013 • Updated: 12 Jul 2014 | 2 comments
This issue has been solved. See solution.

Hello,

I am going to configure a firewall policy using SEP or SNAC. I want to give a set of servers in the same LAN all rights to each other, but I don't want to give remote access to some other machines. All servers have the SEP client installed. Any ideas?


SebastianZ

I believe you could work something out here using location awareness with different firewall policies. Besides that, you can simply set different firewall rules for RDP traffic: set traffic on 3389 to local machines on the same LAN to allow, and traffic to the remote LAN to block.

Mithun Sanghavi

Hello,

There are a few ways to resolve that issue:

1) Block Remote Administration from NTP -

Default Firewall Rules - The Deny rules include blocking IPv6, IPv6 over IPv4, local file sharing, and Remote Administration.

2) Block certain users in a specific group from accessing Remote Desktop on one specific server by following the steps below:

  • Confirm that Symantec Endpoint Protection is installed with all features (Antivirus / Antispyware Protection, Proactive Threat Protection and Network Threat Protection) on the Symantec Endpoint Protection Manager server and on the client machine, and that the machines have been restarted after installation.

  • Go to the specific group to which the policy is to be applied.
  • Click on the Policies tab, right-click on the Firewall Policy and click on "Non-Shared to copy."

  • Edit the Remote Administration Policy. In the Service column, add Block TCP 135 and Block TCP and UDP 3389. Set Local Port to 3389. Keep Remote Port blank. Keep Direction set to "Both".

  • Add the IP address or MAC address of 1 client (the machine to be blocked) in the Host column as Local.

  • Enable the policy and click on "OK".

Reference: https://www-secure.symantec.com/connect/forums/blocking-remote-desktop-connection-symantec-endpoint-protection

Here are the articles which explain more about the default firewall rules in SEP 12.1:

About firewall rules

http://www.symantec.com/docs/HOWTO55261

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

http://www.symantec.com/docs/TECH180569

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION