Endpoint Protection

Hi,

I've been asked by my security team, as to why Symantec is not communicationg on protected / secure channel in my company ?

because it seems that the reporting page is using only HTTP protocol "http://SEPM-Server01:8014/Reporting/login/login.php" 

 

but when you see the above it says 443 SSL encrypted ?

the porrt 443 mentioned is ablut the SEP and SEPM client communication not the reporting

port 443: Optional secured HTTPS communication between a SEP Manager and SEP clients and Enforcers

if you want reporting to be on secured used 8443

port 8443: HTTPS communication between a remote management console and the SEP Manager. All login information and administrative communication takes place using this secure port

check the port used by SEP

http://www.symantec.com/business/support/index?page=content&id=TECH163787

 

Hi,

Check this artical it may be help

Symantec Endpoint Protection 12.1: Enabling SSL Between the Manager and Clients

http://www.symantec.com/business/support/index?page=content&id=TECH162326

thanks guys, because changing the http into https the URL doesn't work at all.

FYI: this is using SEPM v 12.1 RU 1

hi,

Check this attachment.

 

Thanks for the response guys,

Pete, I've tried to go to: https://SEPM-Server01:8443/Reporting/login/login.php yes it opens up SEPM Web Access and I can see the certificate error (red address bar).

does this means that the console is still encrypted ?

If you use SEPM 12.1, you should have access to Reporting in HTTPS only (improvement compared to SEPM 11.0):

https://YOURSERVERNAME:8445/reporting

 

Regarding Client-Server communication, you can configure SSL as previously mentioned.

 

John,

I've successfully connected to the reporting page by using this URL: https://SEPMServer-vm:8445/Reporting/login/login.php does that means the channel is secured even though the address bar is red ?

Yes, the address bar is red because the certificate used is self-signed. You may make it known by Internet Explorer following this article:
http://www.symantec.com/docs/TECH123686

 

I am using external cert, 
when i put https:\\fqdn:8443,  there is green url and works fine.

but when launch reporting url by https://fqdn:8445/Reporting/login/login.php, it change itself to https://hostname:8445/Reporting/login/login.php

and then due to difference in url and certificate server name, The red error on url comes up.

now the question is why fqdn changes itself to hostname only.
Original Message:
Sent: 08-22-2012 05:57 AM
From: Migration User
Subject: Securing SEPM report page http://SEPM-Server01:8014/Reporting/login/login.php

Yes, the address bar is red because the certificate used is self-signed. You may make it known by Internet Explorer following this article:
http://www.symantec.com/docs/TECH123686

 

Ah, I see now, so it is already encrypted by SSL certificate (self signed by the SEPM) the article that you provided was just to "Installing" it into the browser CA list to make the bar goes green.

 

cmiiw ?

Correct.

Thanks John !