
How to Add items globally to Firewall rules

Created: 08 Feb 2013 | 12 comments
Car_Bed:

So,

Short version: I divide things between Locations. In an External location I'm going through a discovery of applications that I want to allow or disallow on this specific location. Is there a way I can

A) pull up a report

B) See what came up on a client for application access (Network Threat = Packet or Traffic, doesn't matter)

C) Add that "User allowed" or "Blocked" to a Global Rule

More or less, this is a very easy way to say a user in my test bed said "Yes, allow this traffic to happen". I want to take that response and add it to a rule for "allow". It's almost like I'm asking for a component similar to what we can do with adding a Centralized Exception to whatever policy.

Anyone know what I'm trying to do?

thanks in advance, as always

Comments (12)

.Brian:

A) Yes, you can view a report from the Monitors tab. Set the log content to Network Threat Protection and the content to Traffic.

This will show all of your traffic from the users.

B) Click View Log and it should give you all the info.

C) There is no way to add the user to the rule from this screen (similar to how you can with risks).

The rules are all or nothing and apply to every PC in the group, unless, when you build the rule, you specifically exclude that PC name from the rule. That you can do.

But there is no option to simply click "Add to Rule".

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Car_Bed:

Brian,

Question for you.

In an External Firewall Policy one of my rules allows a specific IP range; further down I have a "Prompt for Application Access" rule. It seems this keeps coming up, despite the source IP supposedly having been globally "Allowed" in my first rule.

Any ideas, anyone?

Thanks, as always.

.Brian:

Do you have Network Application Monitoring turned on? Sounds like it may be from this.

On the Clients page >> Policies tab, does NAP show as ON? One of the options is to "Ask" when an app change is detected.

If it is not enabled in the SEPM, it could possibly be enabled on just the client if it is in client control mode.


Car_Bed:

Good thought; checked and I'm clear.

Not enabled at NAP, and set to server mode.

I did do this, let me know your thoughts.

I moved the Allow all IP Traffic rule above my ask-for-every-little-thing rule, and set the IP range to what I want, adding a blanket TCP and UDP setting. I'm thinking if you leave it blank, it allows any port in the set protocol.

.Brian:

OK, so it definitely is the Notification setting in the firewall policy.

And once you moved it above the Ask rule, it is still "Asking"?

Car_Bed:

Anyone?

It's still prompting, and not working as expected.

SebastianZ:

What do you mean that the rule "Prompt for application access" will not go away? What happens when you delete it?

Car_Bed:

Symantec, can you respond please? Any advice?

Car_Bed:

More or less, when the rule is in place, the prompt is not there (expected behavior).

My goal: use this "Prompt for application access" rule to deliver a prompt to my end user for traffic not defined in my "Allowed Range". What's happening is that rules higher up the food chain are not working as intended and, as per my picture, are not telling the next rule down "that traffic is OK, let's not prompt the user".

So, back to my original issue:

I define a rule that says Prompt for application access.

I define a rule above that, critically at 0, that says Allow this entire subnet range.

My user's prompt is originating from the range I said was "OK".

What am I missing?

Rafeeq:

You would get it the very first time; on the next pop-up there should be a change.

https://www-secure.symantec.com/connect/forums/net...

What's your version number?