Endpoint Protection

Recently we upgraded to 12 Endpoint from 11.

Everything went good. But few LAN games stopped working, for example Grand Theft Auto IV LAN multiplayer and Command and Conquer Generals: Zero Hour. If i withdraw firewall rule, everything works. Anyone has an idea, what exactly i must allow for games to work? With Endpoint 11 there was no such problem. Thank you.

What is the Traffic log showing on affected clients? Perhaps the rule needs to be modified with new ports or apps

Hi,

The Network Threat Protection logs contain information about attacks on the firewall and on intrusion prevention. Information is available about denial-of-service attacks, port scans, and the changes that were made to executable files. They also contain information about the connections that are made through the firewall (traffic), and the data packets that pass through.

How to add a rule using the"Add Firewall Rule Wizard"

http://www.symantec.com/docs/TECH105048

Thank you for your replies. I checked my Network Threat Protection Logs. The PC's from which i tryed to host LAN multiplayer game are even not in that log. I have no idea which rule to create.

Maybe someone can answer what changed from DEFAULT policy of Firewall in SEP12 compared to SEP11? On 11 i had no such problem.. And i really don't want to withdraw firewall rule, just to make games work...

Anyone? help please...

12.1 default policy here:

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

There still should be something showing in the firewall log,otherwise, it may not be the rules in place causing the issue. Anything showing in the security log?

No, Brian. My security log is just empty for that PC's. If not rules, than what? I repeat, if i withdraw firewall rule, problem vanish.

The problem is likely that it's hitting rule #31, Block all other traffic and don't log.

Enable logging and you will see what the issue is.

Re-produce your problem, check your Traffic log again after logging has been enabled and from here you can make adjustments to your current ruleset.

mmm, okay, i will try!

Hi,

Check other logs as well, see if SONAR, Autoprotect is blocking an application.

Check if this article can be of any help.

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/docs/TECH92553

But if it is Sonar or Autoprotect, why withdrawing Firewall rule does help?

Autoprotect and SONAR are both unrelated to this issue...it's likely rule #31 as the cause.

Could you attach traffic logs?

i will

Make sure you note the times when yo do the testing to make it a little easier to correlate.

I did some serious testing. In my logs nothing is showing. I tryed to disable all rules one by one, and trying game after each. I ended up disabling all rules i had, but still game didn't work. But withdrawing firewall rule helps instantly...

I am really out of ideas now :(

Hi,

If the ports and protocols which the application uses are not known, please consult the application vendor's documentation. Most vendors will specify which network ports and protocols their application uses to function so that firewalls may be configured appropriatel.

Do not withdraw the policy, In order to confirm that the SEP firewall is blocking network traffic, it is helpful to create a rule which will allow all network traffic through the firewall. If the application issue is resolved by adding this rule, this confirms that SEP's firewall configuration needs to be modified to allow the application's network traffic through

Refer this article: How to troubleshoot blocked network traffic with the Symantec Endpoint Protection firewall

http://www.symantec.com/docs/TECH203497 

OR

Refer this video: http://www.symantec.com/tv/allvideos/details.jsp?vid=2270531639001

And you enabled logging for the last rule? You may as well enable logging for all rules while you're at it. If nothing comes up, call support.

I did, but no effect.. And as i found out later not point at all, since problem exist if i disable absolutely all rules...

Thank you! i will try this tomorrow!

Chetan!

i tryed creating this rule, and yes. my games worked!

So what's my next step?

The problem is the firewall is blocking it but you say nothing is showing up in the logs. This is odd.

Why don't just create a rule to allow traffic to/from the game host?

mmm, one rule for each game? But as i wrote above, if i delete all the rules from firewall policy, still games not working... In which log exactly must i look? from SEPM.

Yea that's because when you delete all the rules from the policy it defaults to blocking all traffic.

All firewall traffic is generated in the Traffic log.

Yes, you will need to add exclusions to either allow the app or the traffic to/from your game servers.

I don't know why you don't see anything in the traffic and assuming you do have logging turned on for all rules you should be seeing quite a bit of logs. Doesn't make sense to me but since I'm trying to help remotely, I obviously ca't see what you're doing.

This has went on for awhile, may want to contact support so they can remote into your environment.

mm ok, i will do more testing, and update this thread

Hi

Modify a registry key to increase the number of filter drivers on the system.
         Please check the detailed instructions on how to go through this using this link below -
         URL: www.symantec.com/docs/167382

Reinstall SEP Client. This is just to make sure that we are re-deploying the Firewall drivers correctly. Repairing the Firewall component might not be able to help us.

Regards

Hi,

Is there any update?

I tryed all the suggestions, and still couldnt find right rules... I ended with this All Allow rule being active... :(

I tryed reinstalling... no effect on my problem

Ehhh I'd recommend calling support so they can work with you remotely. I wouldn't want to leave that rule in place....

Currently I do not really need firewall on all machines. I left it on only on my server and few non-gaming machines. Still, thanks all for help. I mark thread as solved. If i find out what was blocking games, i'll write here.