
Network Threat Protection Stays active after Location Awareness Switch

Created: 14 May 2013 • Updated: 14 May 2013 | 3 comments

SEPM and client are running 12.1.2015.2015.

Client is in a test group with 3 locations:  On Network (no rules), VPN Network (by IP Ranges), Off Network (Cannot resolve, ping nor connect to the SEPM).  On network has NTP and IPS disabled by policy.  VPN and Off Network both have them enabled.  Live Update policy points to Symantec servers for Off Network and VPN, but local SEPM or GUP for On Network.

Client is switching locations properly, and the live update policy works properly based on their location.  But SOME clients that report being On Network are still blocking traffic via network threat.

My question is:

Can the firewall be enabled and disabled on the fly based on location awareness settings?  Or would I be better served to create a firewall policy that is enabled, but allows all traffic, thus effectively turning off any blocking?  My eventual goal is to turn firewall on for all three locations, but I am still testing our firewall rules and am not ready to implement it in production yet, but would like to add the extra security for off network and VPN clients immediately.

Any help/advice is much appreciated.

Thanks,



_Brian:

Either of those choices is valid, but the bigger question/problem is why NTP is not disabled once the client switches to the On Network location.

So it is only happening to some clients, and on the rest NTP disables as expected once it switches to On Network? Are the affected clients different from the clients that work?

I would run the SymHelp tool to check for errors and possibly enable WPP logging to show the auto switching. You can enable WPP logging via the SymHelp tool:

How to use the Symantec Help Tool to collect data for Support.

Article: TECH203599 | Created: 2013-03-07 | Updated: 2013-03-07 | Article URL: http://www.symantec.com/docs/TECH203599


Enable WPP logging and let it run while you reproduce the problem. If you decide to call support, these logs will help them in troubleshooting.


Wright1968:

I concur that that is a better question. This client was just upgraded from SEP 11 to SEP 12 recently. I haven't yet run the SymHelp tool, but will do that and see what I find. Thanks for the input.

SebastianZ:

"On network has NTP and IPS disabled by policy."

Have you already tried removing the NTP policy completely from the "On Network" location? What happens in that configuration?