Endpoint Protection

  • 1.  Network Threat Protection firewall rules

    Posted Mar 28, 2011 09:40 AM

    I have SEP 11.0.6000.550 with Network Threat Protection installed on a BES and I would like to block everything except what is needed to keep the BES running properly. I have rules set up for the BES, Exchange, DCs, and a few others, and I have a rule to block "Deny all except when explicitly authorized", All hosts and Specific IP Protocols. No matter where I put the Deny all rule, at the top or the bottom, it still blocks everything.

    I know Symantec recommends placing the most restrictive rules first and the least last. The Specific IP Protocol rule does not even list the ports I want open and listed in the other rules.

    Any advice would be appreciated. Thanks.



  • 2.  RE: Network Threat Protection firewall rules

    Posted Mar 28, 2011 09:51 AM

    Make sure your rules for BES, Exchange, and DCs are set up correctly. When traffic is passed through the firewall, it will check each rule in order starting from the top. Once a match is made, the policy stops at that rule and all other rules below will be ignored. I would try testing the policy with an "Allow All" rule at the top, then moving it down one rule at a time till you get to the problem rule. Troubleshoot the FW policy from there.

    Check this:

    Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d29b17f62f36c49f882573b400333bd4?OpenDocument

    Moving to the Endpoint Protection forum.
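
The top-down, first-match evaluation and the "move Allow All down one rule at a time" procedure from reply 2, as a small model added for illustration; it is not Symantec's code and not part of the original posts. Rule names, the address and the ports are constructed, and the matching fields (protocol, remote host, port) are a simplifying assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "block"
    proto: Optional[str] = None   # None means "any"
    remote: Optional[str] = None
    port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        fields = (("proto", self.proto), ("remote", self.remote), ("port", self.port))
        return all(want is None or pkt[key] == want for key, want in fields)


def first_match(rules, pkt):
    """Walk the rules top-down and return the first one that matches, else None."""
    return next((r for r in rules if r.matches(pkt)), None)


def find_blocking_rule(rules, pkt):
    """Slide a temporary Allow All down one position at a time; the first
    position at which pkt is blocked means the rule just above it decided."""
    allow_all = Rule("Allow All (test)", "allow")
    for pos in range(1, len(rules) + 1):
        trial = rules[:pos] + [allow_all] + rules[pos:]
        if first_match(trial, pkt).action == "block":
            return rules[pos - 1]
    return None


# Constructed sample data (documentation address range, arbitrary port).
DENY_ALL = Rule("Deny all", "block")
EXCHANGE = Rule("Exchange", "allow", "tcp", "192.0.2.20", 443)
EXCHANGE_TYPO = Rule("Exchange", "allow", "tcp", "192.0.2.20", 444)  # wrong port
PKT = {"proto": "tcp", "remote": "192.0.2.20", "port": 443}

if __name__ == "__main__":
    for label, rules in (("deny on top", [DENY_ALL, EXCHANGE]),
                         ("deny at bottom", [EXCHANGE, DENY_ALL]),
                         ("allow rule never matches", [EXCHANGE_TYPO, DENY_ALL])):
        hit = first_match(rules, PKT)
        print(f"{label:26} -> {hit.action:5} by '{hit.name}', "
              f"blocking rule: {find_blocking_rule(rules, PKT)}")
```

In this model, a deny-all rule at the bottom that still blocks the traffic means no allow rule above it matched, so the allow rule's protocol, host or port is the thing to check.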