Endpoint Protection Small Business Edition


Ports are open without a rule.

  • 1.  Ports are open without a rule.

    Posted Mar 07, 2011 10:27 AM

    Hi Guys,

    Attached is my local SEP 11.0.6200 firewall configuration, and SEPM relevant firewall policy. For some reason, any computer in the network can connect to what should be closed ports of other computers. I tested it over port 80 and 443. Can you tell me the reason for that? Is there a hidden rule or something?



  • 2.  RE: Ports are open without a rule.

    Posted Mar 07, 2011 10:53 AM

    Are you sure you are applying the firewall policy to the group(s) that you are testing? How are you testing this? What happens if you put a "block all" rule at the top of your policy?



  • 3.  RE: Ports are open without a rule.

    Posted Mar 07, 2011 01:31 PM

    Check your user control level. If it's "Client control", the SEPM firewall rules are ignored by the clients, which are using their own ones. And your SEPM blocking rule would be ignored.

    See Clients > [group] > Policies > Location-specific Settings > Client User Interface Control Settings

    If you want to enforce the SEPM firewall rules on your clients, change to "Server control". In this case, the client firewall rules are ignored.

    If you want to use both kinds of rules, you must use "Mixed control". Then you should put your SEPM blocking rule above the blue line. Otherwise, it can be overruled by the client rules.



  • 4.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 01:21 AM

    Thanks for your replies,

    Greg - my environment is indeed set to Mixed Mode...

    I have moved my PC to the (empty) Default Group and created a new policy that allows Outgoing TCP and UDP comms, and blocks all other traffic. Furthermore, I have changed my local SEP firewall configuration so now only the default blocking rules are enabled.

    I've made sure that the new policy was applied to my PC, then Telnetted to port 80 of my PC from another computer. Wide open...



  • 5.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 01:49 AM


  • 6.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 02:49 AM

    I added a Block rule for HTTP server (see attached), same result.

    Also, the traffic doesn't show on the logs at all - not as Incoming on Port 80, not as Incoming to a specific application, and not as Allowed/Blocked.



  • 7.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 04:06 AM

    Guys,

    Another important update - I changed Control Settings to client, and my local firewall is now blocking the Incoming connections, as it should. How is that possible? SEPM's Firewall policy is also set to block Incoming connections, but for some reason it doesn't.



  • 8.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 04:38 AM

    In your SEPM policy, there is a blue line, if you notice, so whatever is above that line is server control, below is client control.

    I think that made the diff.



  • 9.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 07:05 AM

    Above the line means server control,

    and you push down those rules below the blue line and check if that is working.



  • 10.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 08:21 AM

    Same deal. Blue bar location doesn't change the behavior.

    frustrating :-(



  • 11.  RE: Ports are open without a rule.

    Posted Mar 08, 2011 08:24 AM

    All SEPM rules are above the line... don't they take precedence? Also, on the client there are 3 rules enabled - all of them configured to block traffic.

    When I'm server control or Mixed mode - all gets through.

    When I'm Client control - the 3 rules start working and do the job.
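
The precedence that reply 3 describes for the three control levels can be written down as a small model and used to work out what a given rule layout should do before testing it on a client. This is an added example, not part of any post in the thread and not Symantec's code; the rule names, the rule sets and the first-match-wins evaluation are assumptions of the sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "block"
    direction: str               # "in", "out" or "any"
    port: Optional[int] = None   # None matches every port

    def matches(self, direction: str, port: int) -> bool:
        return self.direction in ("any", direction) and self.port in (None, port)

def effective_rules(mode, above, below, client):
    """Ordered list evaluated under each control level, as reply 3 describes it."""
    if mode == "client":   # SEPM rules are ignored
        return list(client)
    if mode == "server":   # client rules are ignored
        return list(above) + list(below)
    if mode == "mixed":    # client rules sit between the two SEPM sections
        return list(above) + list(client) + list(below)
    raise ValueError(f"unknown control level: {mode}")

def decide(mode, above, below, client, direction, port):
    """First matching rule wins (assumption); 'no-match' if nothing applies."""
    for rule in effective_rules(mode, above, below, client):
        if rule.matches(direction, port):
            return rule.action, rule.name
    return "no-match", None

def by_mode(above, below, client, direction, port):
    """Predicted action for one connection at each of the three control levels."""
    return {m: decide(m, above, below, client, direction, port)[0]
            for m in ("server", "mixed", "client")}

# Constructed rule sets, loosely following the thread (not the attached policy).
ALLOW_OUT = Rule("allow outgoing", "allow", "out")
BLOCK_ALL = Rule("block all other traffic", "block", "any")
CLIENT_BLOCK = Rule("client default block", "block", "in")
CLIENT_ALLOW_HTTP = Rule("client allow HTTP", "allow", "in", 80)

if __name__ == "__main__":
    # SEPM block above the line: the model predicts a block at every control level.
    print(by_mode([ALLOW_OUT, BLOCK_ALL], [], [CLIENT_BLOCK], "in", 80))
    # SEPM block below the line: a client allow rule wins in mixed control.
    print(by_mode([ALLOW_OUT], [BLOCK_ALL], [CLIENT_ALLOW_HTTP], "in", 80))
```

The predicted action per control level is the value to compare against the result of the connection test and the client's traffic log for the same port.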