Endpoint Protection

  • 1.  SEP 11 - Firewall Disable when reach the Server - Enable when no Server

    Posted Oct 06, 2009 10:30 AM
    Hi there

    Is there any possibility to disable the SEP Firewall when the Client can reach the SEP Server and enable it when it doesn't reach the server or domain?

    Thanks


  • 2.  RE: SEP 11 - Firewall Disable when reach the Server - Enable when no Server

    Posted Oct 06, 2009 10:39 AM
    You bet. Location awareness is your answer. Take a look at this for an overview of location awareness. Basically you will create a second location in the policy that either withdraws the firewall policy or sets the firewall rules to open.

    https://www-secure.symantec.com/connect/articles/location-awareness-using-multiple-management-server-lists

    If you want additional help with this send me a PM and I will help you through the process.


  • 3.  RE: SEP 11 - Firewall Disable when reach the Server - Enable when no Server

    Posted Oct 06, 2009 10:50 AM
    Very good thought, we do not have this option as of now, but I think the objective can be achieved.
    You need to have all 3 components installed; however, the action can be controlled by policies.
    1) We can set your default firewall policy to blank, meaning it does nothing (same as not having NTP installed: the process would run but take no action).

    2) You can set an additional location by following this document:
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040212410248
    While configuring the condition:
    select the option "client can connect to management server",
    now select the second option "client cannot connect to management server",
    this will add a location.
    You can set a firewall rule according to your security settings.

    With this, when they are able to connect, rule 1 is applied;
    when they are not able to connect, rule 2 is applied.

    It would be good if you have this idea set up under our ideas section.


  • 4.  RE: SEP 11 - Firewall Disable when reach the Server - Enable when no Server

    Posted Oct 06, 2009 11:03 AM
    Jeff Wichman is right. I would do this with location awareness.

    I have also written an article about this and you can find it here: https://www-secure.symantec.com/connect/articles/locations-based-rules-and-what-are-they-good


  • 5.  RE: SEP 11 - Firewall Disable when reach the Server - Enable when no Server

    Posted Oct 06, 2009 11:24 AM
    You might want to add a few more triggers along with "reaching the management server".

    Say, adding a list of DNS servers.

    So if the management server goes offline and you are still connected to the network you won't automatically flip policies, unless that is your intent.

    We generally are looking for a change in network connections and validation that we are or are not on the intended network.

    toko


  • 6.  RE: SEP 11 - Firewall Disable when reach the Server - Enable when no Server

    Posted Oct 15, 2009 02:10 AM
    We use a combination of WINS / DNS servers and local IP ranges to trigger the location awareness for the trusted network. It works perfectly. We do not use the SEP server as a trigger, and I cannot understand why any SEP consultant would recommend it (they have several times done this for us).
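
The replies above describe two ways of building the location-awareness condition: switching on "client can connect to management server" alone (reply 3), or combining several triggers such as trusted DNS/WINS servers and local IP ranges (replies 5 and 6) so that a management-server outage does not by itself flip the firewall policy. The following added example (not Symantec code, and not a SEP API; it only models the decision logic) evaluates both styles of location list against the same constructed network states. All addresses, location names and policy names are constructed for the example.

```python
"""Model of location-aware firewall policy selection (added example, not SEP code).

A client observes its network state, each configured location has a list of
criteria, and the first matching location (in priority order) decides which
firewall policy applies. The last location has no criteria and acts as the
catch-all, mirroring the "cannot connect to management server" location.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, FrozenSet, List

# Constructed sample values for a hypothetical corporate network (assumptions).
TRUSTED_DNS = {"10.0.0.53", "10.0.1.53"}
TRUSTED_WINS = {"10.0.0.54"}
TRUSTED_RANGES = [ip_network("10.0.0.0/8"), ip_network("192.168.100.0/24")]


@dataclass(frozen=True)
class NetworkState:
    """What the client can observe about the network it is currently on."""
    mgmt_server_reachable: bool
    dns_servers: FrozenSet[str]
    wins_servers: FrozenSet[str]
    local_ip: str


Criterion = Callable[[NetworkState], bool]


def mgmt_reachable(s: NetworkState) -> bool:
    return s.mgmt_server_reachable


def trusted_dns(s: NetworkState) -> bool:
    return bool(s.dns_servers & TRUSTED_DNS)


def trusted_wins(s: NetworkState) -> bool:
    return bool(s.wins_servers & TRUSTED_WINS)


def trusted_ip(s: NetworkState) -> bool:
    addr = ip_address(s.local_ip)
    return any(addr in net for net in TRUSTED_RANGES)


@dataclass
class Location:
    name: str
    firewall_policy: str        # constructed policy names: "firewall-off" / "firewall-on"
    criteria: List[Criterion]
    match_all: bool = True      # True: every criterion must hold (AND); False: any (OR)

    def matches(self, state: NetworkState) -> bool:
        if not self.criteria:   # no criteria: catch-all location
            return True
        results = [c(state) for c in self.criteria]
        return all(results) if self.match_all else any(results)


def select_location(locations: List[Location], state: NetworkState) -> Location:
    """Return the first location whose criteria match, in priority order."""
    for loc in locations:
        if loc.matches(state):
            return loc
    raise ValueError("no location matched; put a catch-all location last")


# Style 1 (reply 3): the management server alone decides the location.
MGMT_ONLY_LOCATIONS = [
    Location("Office", "firewall-off", [mgmt_reachable]),
    Location("Remote", "firewall-on", []),
]

# Style 2 (replies 5 and 6): trusted IP range AND a trusted DNS or WINS server.
COMBINED_LOCATIONS = [
    Location("Office", "firewall-off",
             [trusted_ip, lambda s: trusted_dns(s) or trusted_wins(s)]),
    Location("Remote", "firewall-on", []),
]

# Constructed network states used to compare the two styles.
OFFICE_NORMAL = NetworkState(True, frozenset({"10.0.0.53"}), frozenset({"10.0.0.54"}), "10.20.30.40")
OFFICE_SEPM_DOWN = NetworkState(False, frozenset({"10.0.0.53"}), frozenset({"10.0.0.54"}), "10.20.30.40")
COFFEE_SHOP = NetworkState(False, frozenset({"8.8.8.8"}), frozenset(), "172.16.5.9")


def policy_for(locations: List[Location], state: NetworkState) -> str:
    return select_location(locations, state).firewall_policy


if __name__ == "__main__":
    for label, state in [("office, SEPM up", OFFICE_NORMAL),
                         ("office, SEPM down", OFFICE_SEPM_DOWN),
                         ("coffee shop", COFFEE_SHOP)]:
        print(f"{label:18} mgmt-only={policy_for(MGMT_ONLY_LOCATIONS, state):13} "
              f"combined={policy_for(COMBINED_LOCATIONS, state)}")
```

The "office, SEPM down" row is the case reply 5 warns about: with the management-server-only list the firewall policy flips to the remote setting just because the server is unavailable, while the combined list keeps the client in the Office location as long as it still sees the trusted address range and name servers.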