Endpoint Protection

  • 1.  SEP 12 - Windows 7 SCCM/BranchCache

    Posted Mar 12, 2015 02:22 PM

    Hello,

    I am looking for some information on configuring SEP firewall policies on Windows 7 to allow the Windows BranchCache feature. I have been asking on the Microsoft TechNet forums https://social.technet.microsoft.com/Forums/en-US/fc95c28f-7aa3-4a4f-85d9-bdf98929dc70/allow-clients-to-share-content-with-other-clients-on-the-same-subnet?forum=configmanagergeneral but haven't been able to make any progress.

    Hence I just wanted to know if anyone has tried this before? Windows Firewall on the Windows 7 estate is disabled as SEP is present. Because of this, the out-of-the-box BranchCache/firewall configuration GPOs do not seem to work.

    Any help will be much appreciated.

    Best wishes,

    Steve



  • 2.  RE: SEP 12 - Windows 7 SCCM/BranchCache

    Posted Mar 16, 2015 12:43 PM

    You need to check your Traffic log, as it should contain what is being blocked. Ideally you want to get a list of ports so you can allow them in the SEP firewall.



  • 3.  RE: SEP 12 - Windows 7 SCCM/BranchCache

    Posted Mar 16, 2015 12:47 PM

    Try this:

    Using (Enabling) Windows Firewall with Symantec Endpoint Protection Network Threat Protection installed

    http://www.symantec.com/business/support/index?page=content&id=TECH197660



  • 4.  RE: SEP 12 - Windows 7 SCCM/BranchCache

    Broadcom Employee
    Posted Mar 18, 2015 08:37 AM

    Hi,

    I did some research on it. We need to identify what ports are used to share content with other clients on the same subnet. By default it uses:

    • HTTP (port 80) for content retrieval using BranchCache retrieval protocol.
    • WS-Discovery (port 3702 UDP) for content discovery in distributed cache mode.
    • HTTPS (port 443) for content upload in hosted cache mode using hosted cache protocol.

    Ports 80 and 443 are allowed by default; we need to check whether port 3702 is allowed or not.

    SEP will block the traffic if the default rule does not allow it to go through.

    Could you share the traffic logs of the affected computer? Is it blocking port 3702?

    Also, can you look at the firewall policies in the SEPM?
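
The traffic-log check suggested in replies 2 and 4, as an added example that is not part of the thread or Symantec's tooling: it reads a firewall traffic log exported as CSV and reports which BranchCache ports (from the list in reply 4) were blocked, in which direction, and by which rule. The column names, rule name and sample rows are constructed for illustration; map them to the fields of your own export.

```python
import csv
import io
from collections import Counter

# BranchCache defaults as listed in the thread: (protocol, service port) -> purpose
BRANCHCACHE_PORTS = {
    ("TCP", 80): "content retrieval (BranchCache retrieval protocol)",
    ("UDP", 3702): "WS-Discovery content discovery (distributed cache mode)",
    ("TCP", 443): "content upload (hosted cache mode)",
}

# Constructed sample export; the column layout is an assumption, not SEP's format.
SAMPLE_LOG = """\
time,action,direction,protocol,local_port,remote_host,remote_port,rule
2015-03-18 08:01:02,Blocked,Inbound,UDP,3702,10.1.20.31,51022,Block all other IP traffic
2015-03-18 08:01:05,Blocked,Outbound,UDP,49800,239.255.255.250,3702,Block all other IP traffic
2015-03-18 08:01:09,Allowed,Outbound,TCP,49801,10.1.20.31,80,Allow web
2015-03-18 08:01:11,Blocked,Inbound,TCP,445,10.1.20.40,50500,Block all other IP traffic
2015-03-18 08:01:12,Blocked,Inbound,ICMP,,10.1.20.40,,Block all other IP traffic
2015-03-18 08:01:20,Blocked,Inbound,UDP,3702,10.1.20.32,51100,Block all other IP traffic
"""

def blocked_branchcache(log_text):
    """Count blocked entries per (direction, protocol, port, rule) on BranchCache ports."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"].strip().lower() != "blocked":
            continue
        direction = row["direction"].strip().capitalize()
        # The service port is the local port for inbound traffic, the remote port for outbound.
        port_field = "local_port" if direction == "Inbound" else "remote_port"
        try:
            key = (row["protocol"].strip().upper(), int(row[port_field]))
        except ValueError:
            continue  # no numeric port on this row (e.g. ICMP)
        if key in BRANCHCACHE_PORTS:
            hits[(direction, *key, row["rule"].strip())] += 1
    return hits

def report(hits):
    """One line per blocked BranchCache flow type, naming the rule that dropped it."""
    return [
        f"{n}x {direction} {proto}/{port} blocked by '{rule}': {BRANCHCACHE_PORTS[(proto, port)]}"
        for (direction, proto, port, rule), n in sorted(hits.items())
    ]

if __name__ == "__main__":
    print("\n".join(report(blocked_branchcache(SAMPLE_LOG))) or "no BranchCache ports blocked")
```

On the constructed sample this flags UDP 3702 in both directions, which is the case reply 4 asks about: ports 80 and 443 pass while WS-Discovery is dropped.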