
SEP 12.1 firewall blocking

Created: 09 Feb 2012 • Updated: 04 Feb 2014 | 3 comments
This issue has been solved. See solution.

Sorry to bring an old post up, as this has already been asked, but we're also facing the same issue, and the previous post wasn't answered.

The solution involved running Wireshark on the affected workstations, which is not feasible in my environment. As I'm receiving logs via Syslog, I guess the message might bring some clarification:

Feb  8 12:07:17 xxx.xxx.xxx.xxx Feb  8 12:07:00 SymantecServer xxxxxx: xxxxxx,Local: 0.0.0.0,Local: 0,Local: 01000C000000,Remote: 0.0.0.0,Remote: ,Remote: 0,Remote: 0011210CABF5,7,1,Begin: 2012-02-08 12:05:09,End: 2012-02-08 12:05:09,Occurrences: 1,Application: ,Rule: Block all other traffic,Location: Default,User: xxxxxx,Domain: xxxxxx,Action: Blocked

The field that normally identifies the protocol is reporting 7, which, if the log maintains its structure, should refer to IP protocol number 7 or CBT (Core-Based Trees). The remote MAC is for a Cisco device but the local one is not listed in any vendors list.

I've allowed IP protocol number 7 on the firewall rules and no log but it still gets blocked logged. Can anyone help here? 
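
An added example (not part of the original post and not Symantec's own code) that splits the posted syslog line into named fields and checks the group bit of each MAC: an address with that bit set is a multicast/group address, and vendor lists are keyed on the OUI with the bit cleared. The slot names for the repeated `Local:`/`Remote:` entries and the names given to the three unlabeled fields are assumptions inferred from the posted values.

```python
import re

# Log line as posted in the question above (redactions kept as posted).
SAMPLE = (
    "Feb  8 12:07:17 xxx.xxx.xxx.xxx Feb  8 12:07:00 SymantecServer xxxxxx: "
    "xxxxxx,Local: 0.0.0.0,Local: 0,Local: 01000C000000,Remote: 0.0.0.0,"
    "Remote: ,Remote: 0,Remote: 0011210CABF5,7,1,Begin: 2012-02-08 12:05:09,"
    "End: 2012-02-08 12:05:09,Occurrences: 1,Application: ,"
    "Rule: Block all other traffic,Location: Default,User: xxxxxx,"
    "Domain: xxxxxx,Action: Blocked"
)
# Assumed meaning of the repeated "Local:"/"Remote:" slots, inferred from the values.
LOCAL_SLOTS = ("local_ip", "local_port", "local_mac")
REMOTE_SLOTS = ("remote_ip", "remote_host", "remote_port", "remote_mac")


def parse_sep_traffic(line):
    """Split one SEP traffic syslog line into a dict of named fields."""
    body = re.split(r"SymantecServer \S+: ", line, maxsplit=1)[-1]
    fields, bare = {}, []
    local, remote = iter(LOCAL_SLOTS), iter(REMOTE_SLOTS)
    for token in body.split(","):
        key, sep, value = token.partition(":")  # first colon only; times keep theirs
        if not sep:
            bare.append(token.strip())          # positional field without a label
        elif key == "Local":
            fields[next(local)] = value.strip()
        elif key == "Remote":
            fields[next(remote)] = value.strip()
        else:
            fields[key.strip().lower()] = value.strip()
    # Names for the three unlabeled fields are assumptions; the poster reads the
    # second one as the protocol field.
    fields["host"], fields["protocol_field"], fields["unlabeled_field"] = bare
    return fields


def mac_info(hexmac):
    """Return (formatted MAC, group-bit flag, OUI with the group bit cleared)."""
    octets = [int(hexmac[i:i + 2], 16) for i in range(0, 12, 2)]
    is_group = bool(octets[0] & 0x01)       # I/G bit set = multicast/group address
    oui = [octets[0] & 0xFE] + octets[1:3]  # vendor lists are keyed on this form
    fmt = lambda parts: ":".join(f"{b:02X}" for b in parts)
    return fmt(octets), is_group, fmt(oui)


if __name__ == "__main__":
    rec = parse_sep_traffic(SAMPLE)
    for side in ("local_mac", "remote_mac"):
        print(side, mac_info(rec[side]))
    print("protocol_field:", rec["protocol_field"], "| rule:", rec["rule"])
```
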

3 Comments


If you look at the firewall rules in SEPM, you can find this rule: Block all other traffic, with severity 15.

Modifying this rule or disabling it can give you a solution.

Mohan Babu

moglie20@gmail.com

+91 9884382160

Your satisfaction is very important to us. If you find the above information helpful or it has resolved your issue... please mark it accordingly :)


Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy 

http://www.symantec.com/docs/TECH180569

Default Network Threat Protection Rules for Symantec Endpoint Protection

http://www.symantec.com/docs/TECH91729

 

Mohan Babu



Rule Name: Block all other traffic
Enabled: YES
Severity: 15-Information
Application: Any
Host: Any
Time: Any
Service: IP:
Adapter: All Adapters
Screen Saver: Any
Action: Block
Logging: Write to Traffic log
Created At: Shared

Mohan Babu


SOLUTION