Network Access Control

  • 1.  Problem with networkprotection from Symantec Endpoint Protection

    Posted Apr 07, 2009 08:47 AM
     Hello there

     

    I've got a big problem, and I don't know where I should find a solution for it. In my company, we've got Symantec Endpoint Protection version 11.0.4000.2295 (with the java management... -.-). Anyway, I want to install the firewall solution on our notebooks.

     

    We are currently testing this firewall solution and need some help with it. When we block the port 5900 and 5800 (incoming and outgoing traffic of VNC) the firewall of my computer will block the traffic from vnc four times, but the fifth time I can pass through the firewall with vnc.

    Because of what? Is it normal or a "good statistic" for Symantec to block 4 attacks out of 5? I hope not ..

     

    There are so many questions like:

    Why does the policy "block all other traffic" not work?

    Why does the policy "allow IP traffic" allow ALL traffic? And if I block or disable this policy I can't even reach my fileserver?

     

    I hope there is someone who can answer these questions ;-)

     

    So long.. have a nice day..



  • 2.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted Apr 07, 2009 11:04 PM
    Have you already applied the policy to specific/all groups intended for the test?


  • 3.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted Apr 08, 2009 02:14 AM
    Hey there

    Yes, I've applied the policy. We have set up a test group and then I defined the policy as "non common use". It is the default policy from Symantec. So in this policy there are the default rules, and then I tried to configure the policy, but I became desperate as I want to define some special rules.

    The goal is to understand the rules, but there's a big problem with the default rules.

    The rule "block every other traffic" at the end of the rule-set is ok. And I understand it.
    Two rules before is a rule named "All IP Traffic allowed" which allows all the IP protocol traffic. Now: if I deactivate this rule, all traffic will be blocked, and that's not the goal. So how can I define some special rules without the stupid "allow all" rule?

    And why does the firewall block the traffic of VNC four times but the fifth one I can pass through it?
    (Ports 5800 / 5900 are blocked, these are the ports from VNC)

    so long..
    thank you for your time!


  • 4.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted Apr 13, 2009 06:05 PM
    Have you checked the logs to see if these ports are really blocked? Do you have any fw software installed on your PC besides NTP?


  • 5.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted Apr 14, 2009 04:02 AM
     Hello

    No, there is no other software on our computers.
    But I think I've got it. There is a special way to configure the firewall. I have to allow the ports and the specific application that uses that port (i.e. iexplore.exe or chrome.exe). If the application is allowed to use the port, then the traffic goes through.

    So I allowed all applications (*) and configured the specific port I want to allow and now I think it works.

    So long...

    Have a nice day!
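
Added example (not part of any post in this thread, and not Symantec's code): a simplified first-match model of the rule set discussed above, assuming rules are evaluated top to bottom and the first enabled rule that matches both port and application decides. The "Block VNC", "Allow file server" and "Allow web for IE" rules, port 445 for the file server, and the process names `system` and `vncviewer.exe` are constructed sample values.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "block"
    ports: Optional[frozenset] = None    # None matches any port
    app: str = "*"                       # glob on process name; "*" = any
    enabled: bool = True

def decide(rules, port, app):
    """First enabled rule that matches port and application wins."""
    for r in rules:
        port_ok = r.ports is None or port in r.ports
        if r.enabled and port_ok and fnmatch(app.lower(), r.app.lower()):
            return r.action, r.name
    return "block", "(no rule matched)"

def shadowed(rules):
    """Rules that can never fire: an earlier catch-all already matches."""
    names, covered = [], False
    for r in rules:
        if not r.enabled:
            continue
        if covered:
            names.append(r.name)
        covered = covered or (r.ports is None and r.app == "*")
    return names

# The two catch-all rules mirror the thread; the other rules are constructed.
VNC = Rule("Block VNC", "block", frozenset({5800, 5900}))
ALLOW_ALL = Rule("Allow all IP traffic", "allow")
BLOCK_REST = Rule("Block all other traffic", "block")

vnc_first = [VNC, ALLOW_ALL, BLOCK_REST]
vnc_last = [ALLOW_ALL, VNC, BLOCK_REST]
# Catch-all allow replaced by narrow port + application rules.
tight = [VNC,
         Rule("Allow file server", "allow", frozenset({445})),
         Rule("Allow web for IE", "allow", frozenset({80, 443}), "iexplore.exe"),
         BLOCK_REST]

if __name__ == "__main__":
    for label, rs in [("vnc_first", vnc_first), ("vnc_last", vnc_last), ("tight", tight)]:
        print(label, decide(rs, 5900, "vncviewer.exe"), decide(rs, 445, "system"),
              decide(rs, 443, "chrome.exe"), "shadowed:", shadowed(rs))
```

In this model a catch-all allow placed above other rules leaves them unreachable, and removing it without adding narrower allow rules leaves only the final block rule to match.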



  • 6.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted Apr 20, 2009 02:13 AM
    Configure your firewall according to the Traffic Logs. You will find it easier.

    Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121714495348


  • 7.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted Apr 20, 2009 05:13 AM
    You must redo your firewall configuration.


  • 8.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted May 02, 2009 06:32 AM
    Hello, I read the article and feel it's interesting to read, so I add it to my must-read.


  • 9.  RE: Problem with networkprotection from Symantec Endpoint Protection

    Posted May 11, 2009 08:44 AM
    You should get the latest Symantec Endpoint Protection 11.0.