
Questions about SEP / SEPM Config

Created: 04 Sep 2012 • Updated: 09 Sep 2012 | 4 comments
This issue has been solved. See solution.

Hello,

We're currently evaluating SEP and I have a few questions concerning configuration, which I couldn't find anything about.

1. Is it possible to enable / disable the SEP Firewall depending on where the client is at?

I created a location that checks if the client can reach the management server and switches to different policies if it can't, but I couldn't find a policy option that enables / disables the firewall.

2. Is it possible to make a client use different e-mail servers for reporting risks when in office and when out of office?

In our current solution, local clients use our exchange server and clients without connection to our network use a different e-mail server and I want to keep it that way with SEP.


dgh's picture

1 - We use location based policies to switch the Firewall settings. It does not actually turn the firewall on and off, but the effect is the same. We use various IP, DNS and connectivity checks to determine the location, and if the client is in a public location (e.g. hotel, coffee shop) the firewall is quite aggressive, while in a trusted location it passes almost all traffic so is effectively off.

2 - A managed client reports to the SEPM, and it is the SEPM which issues the warning email. I have little experience with unmanaged clients so I do not know how they issue alerts.

pete_4u2002's picture

1. Is it possible to enable / disable the SEP Firewall depending on where the client is at?

I created a location that checks if the client can reach the management server and switches to different policies if it can't, but I couldn't find a policy option that enables / disables the firewall.

Depending on location you can turn off policy.

2. Is it possible to make a client use different e-mail servers for reporting risks when in office and when out of office?

No, SEPM is the one that sends email alerts. If it contacts another SEPM and the email configuration on that SEPM is different then yes you can achieve it.

Mithun Sanghavi's picture

Hello,

Here are the Answers - 

1. Is it possible to enable / disable the SEP Firewall depending on where the client is at?

I created a location that checks if the client can reach the management server and switches to different policies if it can't, but I couldn't find a policy option that enables / disables the firewall.

A key setting to enable is "Allow users to enable and disable Firewall", which should be called "Allow … Network Threat Protection", not Firewall, in my opinion.

This setting is found under the client group > Location Specific Settings > Server Control > Customize button.

Check this Thread below:

https://www-secure.symantec.com/connect/forums/sep-121-normal-users-cannot-disable-firewall

2. Is it possible to make a client use different e-mail servers for reporting risks when in office and when out of office?

In our current solution, local clients use our exchange server and clients without connection to our network use a different e-mail server and I want to keep it that way with SEP.

SEPM sends the notification email and not the SEP clients.

SEP clients send all the logs to the SEPM and then SEPM sends the email notification.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST's picture

I thought I might take a stab at these too :)

1. To disable the firewall, all you need to do is withdraw the firewall policy from the location in question. The below articles might help:

http://www.symantec.com/docs/HOWTO55192
http://www.symantec.com/docs/TECH162868

2. As others have mentioned, it's the SEPM that sends email notifications, and the SEPM will not send any notification until it knows about the threat (i.e. the SEP Client has uploaded its logs).

Clearly, this can pose a bit of a problem if the SEP Client is outside the corporate network and cannot contact the SEPM. If this notification and reporting of clients outside the corporate network is a mandatory requirement, you may wish to consider setting up an externally accessible SEPM in the DMZ. More info can be found in the below article:

http://www.symantec.com/docs/TECH178325

SOLUTION