Endpoint Protection

  • 1.  How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 09:03 AM

    Hello All,

    I am planning to block incoming port 3389 on all our systems through the SEPM firewall, except from three servers (Jump box).

    Please help me out: how do I configure the above rule on the SEPM firewall?

    The requirement is to have

    RDP disabled from:

    • Workstations (Desktops and Laptops) to Workstations.

    RDP will only be allowed from:

    • Workstations to Jump box
    • Jump box to Workstations



  • 2.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 09:08 AM

    Create a rule to block RDP on workstations and move it to the top.

    Create a rule to allow RDP from workstations to the jump box and move it above the block RDP rule.



  • 3.  RE: How to block incoming port 3389 in Symantec firewall



  • 4.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 09:13 AM

    Thanks for the quick reply, Brain.

    What about

    • Jump box to Workstations?


  • 5.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 09:15 AM

    You can create another rule to allow that traffic as well. Just be sure to move it above the Block RDP rule.
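    A small model of the ordering point made in the replies above (the allow rules must sit above the block rule, and the port is matched on the client's local side). This is an added illustration, not SEPM code; the jump-box addresses and the first-match logic are constructed assumptions about how such a rule table behaves.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample values (assumptions, not from the thread).
JUMP_BOXES: Set[str] = {"10.0.0.11", "10.0.0.12", "10.0.0.13"}
RDP_PORT = 3389

@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "block"
    protocol: Optional[str] = None       # "tcp", "udp" or None for any
    local_port: Optional[int] = None     # port on the SEP client itself
    remote_hosts: Optional[Set[str]] = None  # remote IPs; None = any host

@dataclass
class Packet:
    protocol: str
    local_port: int     # port on this client (the "local" side)
    remote_ip: str      # the other end of the connection

def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every field it specifies agrees with the packet."""
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if rule.local_port is not None and rule.local_port != pkt.local_port:
        return False
    if rule.remote_hosts is not None and pkt.remote_ip not in rule.remote_hosts:
        return False
    return True

def evaluate(rules: List[Rule], pkt: Packet, default: str = "allow") -> str:
    """First matching rule wins, modelling an ordered rule table."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

ALLOW_JUMP = Rule("Allow RDP with jump box", "allow", "tcp", RDP_PORT, JUMP_BOXES)
BLOCK_RDP = Rule("Block RDP", "block", "tcp", RDP_PORT)
CORRECT_ORDER = [ALLOW_JUMP, BLOCK_RDP]  # allow sits above block, as advised
WRONG_ORDER = [BLOCK_RDP, ALLOW_JUMP]    # block first shadows the allow rule

def rdp_from(remote_ip: str, rules: List[Rule]) -> str:
    """Decision for an inbound RDP attempt against a workstation's port 3389."""
    return evaluate(rules, Packet("tcp", RDP_PORT, remote_ip))

if __name__ == "__main__":
    for ip in ("10.0.0.11", "10.0.5.42"):
        print(ip, "correct:", rdp_from(ip, CORRECT_ORDER), "wrong:", rdp_from(ip, WRONG_ORDER))
```

    With the block rule on top, even the jump box is refused, which is the misconfiguration the replies warn about.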



  • 6.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 12:21 PM

    Try this...

    [Image: Firewall.PNG]

    The servers can be specified using hostname/IP/MAC.



  • 7.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 01:12 PM

    Hi,

    When blocking a port number, should it be local and remote, or source and destination in a network?



  • 8.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 01:18 PM

    local/remote



  • 9.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 29, 2013 02:30 PM

    Thanks, mate.



  • 10.  RE: How to block incoming port 3389 in Symantec firewall

    Posted Aug 30, 2013 05:33 AM

    Hi,

    Create a firewall policy to block port 3389, test it, and roll it out.

    Regards

    Ajin



  • 11.  RE: How to block incoming port 3389 in Symantec firewall

    Trusted Advisor
    Posted Aug 30, 2013 09:16 AM

    Hello,

    There are a few ways to resolve that issue:

    1) Block Remote Administration from NTP -

    Default Firewall Rules - The Deny rules include blocking IPv6, IPv6 over IPv4, local file sharing, and Remote Administration.

    2) Block certain users in a specific group from accessing Remote Desktop to one specific server by following the steps provided below:

    • Confirm that Symantec Endpoint Protection is installed with all features (Antivirus / Antispyware Protection, Proactive Threat Protection and Network Threat Protection) on the Symantec Endpoint Protection Manager server and on the client machine, and that the machines have been restarted after installation.

    [Image: Firewall_Block_1.jpg]

    • Go to the specific group to which the policy is to be applied.
    • Click on the Policies tab, right-click on the Firewall Policy and click on "Non-Shared to copy."

    [Image: Firewall_Block_2.jpg]

    • Edit the Remote Administration Policy. In the Service column, add Block TCP 135 and Block TCP and UDP 3389. Set Local port to 3389. Keep Remote Port blank. Keep Direction set to "Both".

    [Image: Firewall_Block_3.JPG]

    • Add the IP address or MAC address of 1 client (the machine to be blocked) in the Host column as Local.

    [Image: Firewall_Block_4.jpg]

    • Enable the policy and click on "OK".

    Reference: https://www-secure.symantec.com/connect/forums/blocking-remote-desktop-connection-symantec-endpoint-protection

    Here are the articles which explain more about the default firewall rules in SEP 12.1:

    About firewall rules

    http://www.symantec.com/docs/HOWTO55261

    Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

    http://www.symantec.com/docs/TECH180569

    Hope that helps!!