Endpoint Protection

 View Only

  • 1.  Policy/rules not working when modified

    Posted Jan 28, 2011 03:16 PM

    We have a server that has 3 NICs. On 1 of the NICs we wish to stop some types of inbound traffic. Have set rule in policy specifically assigned to that server.

    To TEST We have made severity 0-Critical, any app, any host, any time, Service IP with type 1 (icmp), any adapter, block.

    We can still ping from anywhere.

    We've udated policy from server and updated content from EP manager.

    We can still ping...

    HELP.

    Thanks,

    John



  • 2.  RE: Policy/rules not working when modified
    Best Answer

    Posted Jan 28, 2011 08:50 PM

    Moving to antivirus forum for you.



  • 3.  RE: Policy/rules not working when modified

    Posted Jan 29, 2011 06:38 AM

    Is it for both directions? Also, move the  rule  to the top of the rule's list..

     

    Also, see this:

    Rules are categorized as server rules or client rules: Server rules are created on the management server and downloaded to the client. Client rules are the rules that a user creates on a client.
    The following shows the relationship between the client user’s control level and the user’s interaction regarding firewall rules:

    • In Server Control the client receives server rules, but the user cannot view them. The user cannot create client rules.
    • In Mixed Control, the client receives server rules and the user can view those rules in the Firewall Rules dialog box. The user can also create rules that are merged with existing rules. However, client rules go below the blue line and have a lesser priority.
    • In Client Control, the client has full control. A best practice is to use caution when giving your users mixed or client control.


    For clients in mixed control, the firewall processes server rules and client rules in a particular order. Server rules with high priority levels are processed first. Client rules are processed second, and server rules with a lower priority are processed last.
    Use caution when setting a client to mixed control, because the user can create a client rule that allows all traffic, and this rule overrides all server rules below the blue line



  • 4.  RE: Policy/rules not working when modified

    Posted Jan 31, 2011 12:47 PM

    thanks newb here...

    any ideas? we created a test rule at the SEP Manager Console and moved it to top of rules (number 1) and marked 0-critical. for service, we put IP[1], on all adapters...to Block. In other words, to test we simply wanted to see if we could block ping. BTW, clients not allowed to create firewall rules.

    Darn thing simply refuses to work. We "update policy" from client...but ping still works.

     

    Thanks for any ideas,

    Klingonwork32



  • 5.  RE: Policy/rules not working when modified

    Posted Jan 31, 2011 12:59 PM

    Is the NTP component installed?