Endpoint Protection

  • 1.  Policy issues

    Posted Oct 08, 2015 04:59 AM

    Hi,

    I have created a policy for 3 clients as below.

    Rule0, Allow Connections, All Applications, Only the computer and sites listed below (selected 3 clients by their IP address), All types of communications, log entry (no).

    This rule is enabled as No.1 with severity of Major5.

    But the clients are unable to browse the network.

    If I Add another rule

    Rule1, Allow Connections, All Applications, Any Computer or Site, All types of communications, log entry (no).

    This rule is enabled as No.2 (after disabling the No.1 rule) with severity of Major5

    Then all three (in fact all computers in the network) can browse the network.

    What could be wrong here with Rule0? I want only these three clients to have access for all applications.

    SEPM is 12.1.6168.6000, clients are 12.1.6318.6000.

    Any help appreciated.



  • 2.  RE: Policy issues

    Posted Oct 08, 2015 06:07 AM

    Rules are processed top to bottom, 

    Rule0, will allow three clients to Remote Host... 192..

    any other requests will be blocked.

    Then it moves to Rule1, if defined, or else it would just follow Rule0 and stop.



  • 3.  RE: Policy issues

    Posted Oct 08, 2015 07:00 AM

    Hi Rafeeq, thanks for the reply,

    I think you mistook the rules.

    Rule0 and Rule1 are at the top, but I enabled only one at a time.

    If Rule0 is enabled, then Rule1 is disabled.

    If Rule1 is enabled, then Rule0 is disabled.

    Clients can only browse with Rule1 but not with Rule0.

    Any ideas? Below is the problematic Rule0:

    Rule0, Allow Connections, All Applications, Only the computer and sites listed below (selected 3 clients by their IP address), All types of communications, log entry (no).

    This rule is enabled as No.1 with severity of Major5.

    What is the difference between allow rules for all clients vs. only a few clients? For the few clients, I have added them with their respective IP addresses.

    Thanks,



  • 4.  RE: Policy issues

    Broadcom Employee
    Posted Oct 09, 2015 06:38 AM

    Hi,

    Thank you for posting your query in Symantec community.

    Could you please share more details on what exactly you want to achieve?

    You want to allow only 3 computers to browse the network?



  • 5.  RE: Policy issues

    Posted Oct 11, 2015 12:45 AM

    Hi Chetan,

    Thanks for your reply. We do have a member server apart from the main server. I want to give access (application shared path) from the member server for 3 clients.

    I am able to do this with Rule1 (for all clients), but not with Rule0 (only for 3 members).

    If there is no rule applied, then clients are getting "unable to browse network". So I tried to overcome this by creating a rule (Rule0) to gain access for 3 members, but with Rule0 the error still persists.

    Thanks,

    Anver



  • 6.  RE: Policy issues

    Posted Oct 13, 2015 08:27 AM

    Did you check your traffic log to see exactly what is being blocked? Make sure you have logging enabled for your rules, especially the last two in the ruleset.

    Troubleshoot blocked network traffic due to the Endpoint Protection firewall



  • 7.  RE: Policy issues

    Broadcom Employee
    Posted Oct 13, 2015 10:34 AM

    Enable logging and collect traffic logs from those 3 affected machines. Instead of an IP address, have you tried an IP range or local subnet for testing purposes?



  • 8.  RE: Policy issues

    Posted Oct 14, 2015 01:00 AM

    Hi Brian and Chetan,

    Thanks for your replies. I have enabled the traffic logs now. If I am not confused, the subject logs should be under "Monitor-Logs-Network Threat-Traffic-Default", am I correct? (Currently the rule for the 3 specific IPs is disabled; I will enable it once the user session is over.)

    No luck with IP ranges as well.

    What could be the difference in the rule, by specific address vs. all IPs? In the rule, all other prompts are the same for both rules, except that instead of "any computer/site", "only the selected computer/site" is selected.

    Thanks for the valuable input.