Endpoint Protection

 View Only

  • 1.  IPS - Excluded Hosts and Firewall

    Posted Oct 06, 2010 09:56 AM

    When an IP is added to the Excluded Hosts list in an Intrusion Protection Policy, what exactly are they excluded from...everything?

    I ask since I have my Firewall policy set to block incoming traffic (tcp) on specific ports, and although this seems effective (client logs show the blocking occuring) I have a server that is part of my excluded list pass right thru with no blockage.  Is this correct...in that any host added to the Excluded list bypasses everything?

    Additionally, should my SEPM servers be part of this list?



  • 2.  RE: IPS - Excluded Hosts and Firewall
    Best Answer

    Posted Oct 06, 2010 09:59 AM

    If you dont want it to be monitored you can exclude sepm too

    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/589bc3406761c16680257412003cd94a?OpenDocument

     

    Enable excluded hosts Enables you set up a list of hosts for which the client ignores all inbound and outbound traffic.
    The firewall and the IPS signatures do not scan these hosts for firewall rules, matching attack signatures, port scans, anti-MAC spoofing, or denial-of-service attacks.
    This option is disabled by default.


  • 3.  RE: IPS - Excluded Hosts and Firewall

    Broadcom Employee
    Posted Oct 06, 2010 10:03 AM

    yes, for firewall and IPS traffic



  • 4.  RE: IPS - Excluded Hosts and Firewall

    Posted Oct 06, 2010 10:27 AM

    Thanks for the quick responses!