Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Howto assign two firewall policies into just one group ?

Created: 05 Feb 2013 | 8 comments

Hi,

How is this possible to assign two different policies into one same group (the screenshot shows that tehe Default group can have more than one firewall policy):

Comments 8 CommentsJump to latest comment

.Brian's picture

Use location awareness

You need to setup multiple locations and than you can assign each location to have a different policy if you wish. Only one policy can be assigned to a group location but you can assign different policies to different locations.

Best Practices for Symantec Endpoint Protection Location Awareness

Article:TECH98211  |  Created: 2009-01-20  |  Updated: 2012-06-07  |  Article URL http://www.symantec.com/docs/TECH98211

 

Enabling location awareness for a client

Article:HOWTO81170  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81170

 

Adding a location to a group

Article:HOWTO81205  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO81205

 

More about Location Awareness in Symantec Endpoint Protection (SEP)

Article:TECH97369  |  Created: 2009-01-11  |  Updated: 2013-01-21  |  Article URL http://www.symantec.com/docs/TECH97369

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

MASH1's picture

Hi John,

 

I agree with Brian.

If we have multiple locations configured for the groups we can assign diffrent policies for each location.

for eg:- If you have two locations as "inside office" & "outside office" then we can have policies different when they are in specific locations.If you want to block internet when its outside office but want to enable internet when it is inside office then we can configure policies to achieve it.

If you want to find out which policy is used in specific locaitons then you would need to go from clients tab and check the policies for those specific locations.

 

- MASH

- MASH

John Santana's picture

ok, then I should go to the Client tab then go to Policy ... ? 

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

Than click on "Add Location" and add another location

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Yes

 

To add a location with a wizard'

1. In the console, click Clients.
2. On the Clients page, under View Clients, select the group to add one or more locations to.
3. On the Policies tab, uncheck Inherit policies and settings from parent group "group name".
Add locations only to groups that do not inherit policies from the parent group.
4. Under Tasks, click Add Location.
5. In the Welcome to the Add Location Wizard panel, click Next.
6. In the Specify Location Name panel, type a name and description for the new location, and click Next.
7. In the Specify a Condition panel, select any of the following conditions under which a client switches from one location to another:
No specific condition Select this option so that the client can choose this location if multiple locations are available.

http://www.symantec.com/business/support/index?pag...

Mithun Sanghavi's picture

 

Hello,

How to add more than two Location based settings firewall policy to the newly created group ?

1) First create a new location.

Clients Tab--> click on policies on right pane--> click on "Add Location" and follow the wizard.

2) Once the location is added go to Policies tab which is below reports tab on the left side.

3) When you apply a policy just right click and you will be able to find all the groups and all the locations inside the group. You can select it location wise .

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SebastianZ's picture

You can achieve it only through enabling location awareness - then each location can have a separate policies.

But looking on your first screenshot - I see it was taken from the Policies Tab and not directly from a Clients/group - are those seen policies there assigned to the same group?

JS@support's picture

Hi,

It's not possible to assign two firewall policies at the same time until you use location awareness policy.

Combine both the policies firewall rule & make it a single firewall policy. In this way it should work. yes