
Need help to configure SEP Firewall 12.1

Created: 27 May 2013 | 5 comments

Hi all

I need to enable the firewall policy on one group (5 PCs) only, with the configuration below:

- This group can access any VLAN.

- No one can access this group without permission, except 3 IPs.

The most important thing is that I want to deny the local hidden share.

Any help?


Thanks

Comments (5)

.Brian wrote:

Probably will need 3 rules here.

Configure 2 allow rules, one for the IPs that need access and one for the VLANs these machines are allowed to access. Move the rules to the top of the list.

Configure a DENY_All type rule and move it just underneath the 2 allow rules.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
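The answer above relies on the firewall evaluating its rule list top to bottom and stopping at the first match, which is why the two allow rules must sit above the deny-all. The following Python model is an added illustration of that ordering logic; it is not SEP's own code or data model, and the addresses, rule names and packets in it are constructed for the example. It shows the three-rule layout allowing inbound SMB (TCP 445, the transport for the hidden administrative shares) only from the three permitted hosts, and shows what happens when the same rules are put in the wrong order.

```python
"""First-match evaluation of an ordered firewall rule list.

Added example for the three-rule layout (two allow rules, then a deny-all).
Rule and packet fields are simplified and constructed for illustration; they
are not SEP's own rule model. Stateful handling of replies to allowed outbound
connections, which a real host firewall performs, is not modelled here.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving at the client) or "out" (leaving it)
    remote_ip: str   # address of the other host
    protocol: str    # "tcp" or "udp"
    port: int        # local port for inbound traffic, remote port for outbound


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                          # "allow" or "block"
    direction: Optional[str] = None      # None = both directions
    remotes: Tuple[str, ...] = ()        # hosts or CIDRs; empty = any remote host
    protocol: Optional[str] = None       # None = any protocol
    ports: Tuple[int, ...] = ()          # empty = any port

    def matches(self, pkt: Packet) -> bool:
        if self.direction is not None and self.direction != pkt.direction:
            return False
        if self.remotes and not any(
            ip_address(pkt.remote_ip) in ip_network(r) for r in self.remotes
        ):
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.ports and pkt.port not in self.ports:
            return False
        return True


def evaluate(rules, pkt):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "no-match", None   # nothing matched; a real policy needs a final catch-all


# Constructed addresses: the three hosts permitted to reach the group.
MANAGEMENT_HOSTS = ("10.0.0.11", "10.0.0.12", "10.0.0.13")

ALLOW_MGMT = Rule("Allow 3 management IPs inbound", "allow",
                  direction="in", remotes=MANAGEMENT_HOSTS)
ALLOW_OUT = Rule("Allow outbound to any VLAN", "allow", direction="out")
DENY_ALL = Rule("Block all other traffic", "block")

# Correct order: specific allows first, catch-all block last.
POLICY_OK = [ALLOW_MGMT, ALLOW_OUT, DENY_ALL]
# Common mistake: the block on top shadows both allow rules.
POLICY_WRONG = [DENY_ALL, ALLOW_MGMT, ALLOW_OUT]

# Constructed traffic. TCP 445 is SMB, the transport for hidden admin shares.
SMB_FROM_MGMT = Packet("in", "10.0.0.12", "tcp", 445)
SMB_FROM_OTHER = Packet("in", "10.0.0.99", "tcp", 445)
WEB_TO_OTHER_VLAN = Packet("out", "10.20.5.7", "tcp", 443)

if __name__ == "__main__":
    for pkt in (SMB_FROM_MGMT, SMB_FROM_OTHER, WEB_TO_OTHER_VLAN):
        action, name = evaluate(POLICY_OK, pkt)
        print(f"{pkt.direction:>3} {pkt.remote_ip:<12} "
              f"{pkt.protocol}/{pkt.port}: {action} ({name})")
    print("same rules, block on top:", evaluate(POLICY_WRONG, WEB_TO_OTHER_VLAN))
```

With the allows on top, SMB from 10.0.0.12 is allowed, SMB from any other host falls through to the block, and outbound traffic to another VLAN is allowed. With the block moved to the top, every packet, including the group's own outbound traffic, is blocked before the allow rules are ever consulted.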

Symsys wrote:

I will try. What about the default rules in the policy, should I remove them or not?

Thanks

[Attachment: firewall.JPG]

pete_4u2002 wrote:

If those are required, keep them as they are; otherwise disable them. The newly configured rules can be placed at the top of the list.

AjinBabu wrote:

Hi

Keep in mind the following.

How to create a firewall policy (each task is followed by its description):

Add a firewall policy

When you create a new policy, you give it a name and a description. You also specify the groups to which the policy is applied.

A firewall policy is automatically enabled when you create it. But you can disable if you need to.

Create firewall rules

Firewall rules are the policy components that control how the firewall protects client computers from malicious incoming traffic and applications. The firewall automatically checks all incoming packets and outgoing packets against these rules. It allows or blocks the packets based on the information that is specified in rules. You can modify the default rules, create new rules, or disable the default rules.

When you create a new Firewall policy, Symantec Endpoint Protection provides default firewall rules.

The default firewall rules are enabled by default.

Enable and customize notifications to users that access to an application is blocked

You can send users a notification that an application that they want to access is blocked.

These settings are disabled by default.

Enable automatic firewall rules

You can enable the options that automatically permit communication between certain network services. These options eliminate the need to create the rules that explicitly allow those services. You can also enable traffic settings to detect and block the traffic that communicates through NetBIOS and token rings.

Only the traffic protocols are enabled by default.


If the Symantec Endpoint Protection client detects a network attack, it can automatically block the connection to ensure that the client computer is safe. The client activates an Active Response, which automatically blocks all communication to and from the attacking computer for a set period of time. The IP address of the attacking computer is blocked for a single location.

This option is disabled by default.

Configure protection and stealth settings

You can enable settings to detect and log potential attacks on the client and block spoofing attempts.

You can enable the settings that prevent outside attacks from detecting information about your clients.

All of the protection options and stealth options are disabled by default.

Integrate the Symantec Endpoint Protection firewall with the Windows firewall

You can specify the conditions in which Symantec Endpoint Protection disables the Windows firewall. When Symantec Endpoint Protection is uninstalled, Symantec Endpoint Protection restores the Windows firewall setting to the state it was in before Symantec Endpoint Protection was installed.

The default setting is to disable the Windows firewall once only and to disable the Windows firewall disabled message.

Configure peer-to-peer authentication

You can use peer-to-peer authentication to allow a remote client computer (peer) to connect to another client computer (authenticator) within the same corporate network. The authenticator temporarily blocks inbound TCP and UDP traffic from the remote computer until the remote computer passes the Host Integrity check.

Note: You can only view and enable this option if you install and license Symantec Network Access Control.

This option is disabled by default.

Regards

Ajin

Symsys wrote:

I need to apply the following regarding the attached scenario:

[Attachment: fire.JPG]