
Need help to configure SEP Firewall 12.1

Created: 27 May 2013 | 5 comments

Hi all

I need to enable the firewall policy in one group (5 PCs) only, with the configuration below:

- This group can access any VLAN

- No one can access this group without permission, except 3 IPs

The most important thing is that I want to deny the local hidden shares.

Any help?



Brɨan

Probably will need 3 rules here.

Configure 2 allow rules, one for the IPs that need access and one for the VLANs these machines are allowed to access. Move the rules to the top of the list.

Configure a DENY_All type rule and move it just underneath the 2 allow rules.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
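As an added illustration (not code from any poster in this thread), here is a small Python model of first-match rule evaluation using the three-rule layout suggested above; the addresses, VLAN ranges and the simplified matching model are assumptions, not SEP's own rule engine.

```python
"""Model of first-match firewall evaluation for the three-rule layout
(allow trusted IPs, allow VLANs, then DENY_All). Constructed example:
addresses, VLAN ranges and the matching model are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

SMB_PORTS = frozenset({139, 445})  # NetBIOS-SSN / SMB: what hidden shares (C$, ADMIN$) ride on


@dataclass
class Rule:
    name: str
    action: str            # "allow" or "block"
    direction: str         # "in", "out" or "both"
    remote: tuple          # networks the remote host must fall in
    ports: Optional[frozenset] = None   # None = any port


def matches(rule: Rule, direction: str, remote_ip: str, port: int) -> bool:
    if rule.direction not in ("both", direction):
        return False
    if rule.ports is not None and port not in rule.ports:
        return False
    return any(ip_address(remote_ip) in net for net in rule.remote)


def evaluate(rules, direction: str, remote_ip: str, port: int) -> Tuple[str, str]:
    """Return (action, rule_name) for the first matching rule; no match -> block.
    Only connection initiation is modelled; stateful reply traffic is ignored."""
    for rule in rules:
        if matches(rule, direction, remote_ip, port):
            return rule.action, rule.name
    return "block", "<implicit>"


ANY = (ip_network("0.0.0.0/0"),)
# Assumed sample values: the 3 permitted admin hosts and the VLANs the group may reach.
TRUSTED_HOSTS = tuple(ip_network(h) for h in ("10.0.1.10/32", "10.0.1.11/32", "10.0.1.12/32"))
VLANS = tuple(ip_network(v) for v in ("10.0.0.0/16", "192.168.0.0/16"))


def suggested_rules():
    """Order from the thread: two allow rules on top, DENY_All directly beneath."""
    return [
        Rule("allow trusted inbound", "allow", "in", TRUSTED_HOSTS),
        Rule("allow access to VLANs", "allow", "out", VLANS),
        Rule("DENY_All", "block", "both", ANY),
    ]


def deny_first_rules():
    """Same rules with DENY_All moved to the top: shows why ordering matters."""
    rules = suggested_rules()
    return [rules[2], rules[0], rules[1]]
```

With the suggested order, an inbound SMB connection (port 445) from an unlisted host hits DENY_All while the same connection from a trusted host is allowed; move DENY_All to the top and the trusted hosts are blocked too.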

Symsys

I will try. And what about the default rules in the policy, should I remove them or not?


pete_4u2002

If those are required, keep them as they are; else disable them. The newly configured rule can be configured at the top of the list.

AjinBabu

Keep in mind the following

How to create a firewall policy

Add a firewall policy

When you create a new policy, you give it a name and a description. You also specify the groups to which the policy is applied.

A firewall policy is automatically enabled when you create it. But you can disable if you need to.

Create firewall rules

Firewall rules are the policy components that control how the firewall protects client computers from malicious incoming traffic and applications. The firewall automatically checks all incoming packets and outgoing packets against these rules. It allows or blocks the packets based on the information that is specified in rules. You can modify the default rules, create new rules, or disable the default rules.

When you create a new Firewall policy, Symantec Endpoint Protection provides default firewall rules.

The default firewall rules are enabled by default.

Enable and customize notifications to users that access to an application is blocked

You can send users a notification that an application that they want to access is blocked.

These settings are disabled by default.

Enable automatic firewall rules

You can enable the options that automatically permit communication between certain network services. These options eliminate the need to create the rules that explicitly allow those services. You can also enable traffic settings to detect and block the traffic that communicates through NetBIOS and token rings.

Only the traffic protocols are enabled by default.

If the Symantec Endpoint Protection client detects a network attack, it can automatically block the connection to ensure that the client computer is safe. The client activates an Active Response, which automatically blocks all communication to and from the attacking computer for a set period of time. The IP address of the attacking computer is blocked for a single location.

This option is disabled by default.

Configure protection and stealth settings

You can enable settings to detect and log potential attacks on the client and block spoofing attempts.

You can enable the settings that prevent outside attacks from detecting information about your clients.

All of the protection options and stealth options are disabled by default.

Integrate the Symantec Endpoint Protection firewall with the Windows firewall

You can specify the conditions in which Symantec Endpoint Protection disables the Windows firewall. When Symantec Endpoint Protection is uninstalled, Symantec Endpoint Protection restores the Windows firewall setting to the state it was in before Symantec Endpoint Protection was installed.

The default setting is to disable the Windows firewall once only and to disable the Windows firewall disabled message.

Configure peer-to-peer authentication

You can use peer-to-peer authentication to allow a remote client computer (peer) to connect to another client computer (authenticator) within the same corporate network. The authenticator temporarily blocks inbound TCP and UDP traffic from the remote computer until the remote computer passes the Host Integrity check.

You can only view and enable this option if you install and license Symantec Network Access Control.

This option is disabled by default.

Symsys

I need to apply the following regarding the attached scenario.