How do I find the log entries for SEP firewall "peer-to-peer authentication settings"

Created: 05 Apr 2013 | 2 comments

SEP and SEPM 12.1 RU2 - the very latest up to this time.
I have configured the Firewall policy in RU2 with the peer-to-peer authentication settings - helps prevent remote connections or attempted remote connections by persons or computers outside of our own LANs. Slick - I go into Excluded hosts button, put in our subnets and networks, and it blocks remote connection attempts by forcing authentication. Excluded hosts don't have to get past this SEP firewall authentication and can RDP in like normal (still having to authenticate just like normal RDP connections Windows to Windows OS).

It works as I see the entries in our KIWI logs - I have SEPM servers set up to forward certain logs and certain levels of alerts into the KIWI system so we can view ALL logs from any device, any server in one single place, and do SQL queries.

I see entries in the KIWI that say this was attempted, but I want to find these logs in the SEPM console - and can't. I checked the firewall - traffic, packet, and attack areas, don't see anything. Where should I be looking to see results of the peer-to-peer authentication and excluded hosts rules in the firewall -
Firewall policy, bottom choice on the left, excluded hosts, etc. Where is this logged if someone or something tries to establish a remote connection but the firewall stops it?


.Brian

Peer-to-peer authentication information appears in the Compliance Enforcer Client log and in the Network Threat Protection Traffic log per this KB article:

Configuring peer-to-peer authentication

Article: HOWTO80751 | Created: 2012-10-24 | Updated: 2013-01-30 | Article URL: http://www.symantec.com/docs/HOWTO80751

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.