Policy question
Sorry, I am new to SEP12
I am actually testing the firewall policy on some of the clients. What I understand is if I change the policy on the server, the client will be updated accordingly, but this doesn't seem to be the case in my testing. Can someone advise if I am missing something?
Configuration
Single SEPM with embedded database installed on a Windows 2008 R2 server.
Export the default installation package, package1, (full client protection) without attaching any policy.
Under the default group, I disabled the policies and settings inheritance. All the policies in this group are the default shared policies.
I installed the client with package1 and the client showed up in the default group. Everything looks good from this point.
I then disabled the firewall policy under the policy tab and checked that setting again in the default group and made sure it is disabled.
However, the client still has the firewall policy applied to it even if I restarted the computer, updated content from the server, etc.
Is this normal behavior? I thought the FW policy will be disabled even if I have the full client protection package installed.
Thanks
Comments
Disabled policy
Hi,
Even if the policy is disabled in the SEPM server (greyed out) it would still be shown as online on the client side. The service will still be up, even if it is doing nothing. You can do some FW related test on a client to verify that there are no rules being enforced. One test I would do is to make changes to the disabled firewall policy while retaining the disabled status. If the client requests for a reboot for changes to take effect, the firewall is still up and running.
“Your most unhappy customers are your greatest source of learning.”
The module will show up, the policy won't be implemented on the client (assuming it has taken the new policy).
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Yes, the policy was greyed out.
I checked the Windows firewall settings and it said the settings are being managed by vendor applications Symantec Endpoint Protection. The following options of Windows firewall are unavailable regardless of whether I turned the Symantec Network Threat Protection on or off:
Allow a program or feature through Windows firewall
Change notification settings
Turn Windows Firewall on or off
Restore defaults
I tested the policy and it indeed didn't apply to the client until I enabled it, so this part is working.
The part that I don't understand is why the managed client still has the network protection feature enabled even if the Firewall policy is not enabled on SEPM.