
SEP 12.1 on Host OS is blocking network traffic of guest VM in bridge mode

Created: 07 Jan 2013 • Updated: 07 Jan 2013 | 8 comments
jawad1987's picture

Hey

I have Windows 7 as the host OS with SEP 12.1 installed on it. It has 192.168.1.x subnets through which I access the internet. I have VMware Workstation 9 installed on the host OS, in which I am running several guest VMs. One of the guest VMs has Windows Server 2008 installed and is in bridge networking mode with a 192.168.1.x IP address. The problem is that SEP 12.1 on the host machine is blocking all the traffic destined for the internet from the guest VM. I need to do the following.

 

1) Allow the guest VM to successfully connect to the Internet.

2) Block any traffic originating from the guest VM that is destined for the host system. This is because even if the guest VM (which is purely a testing system) gets compromised from the Internet, it must not affect my host machine.


.Brian's picture

Is this a managed client?

Check your NTP traffic log and post here if you can.

Create one rule to allow the guest access over port 80/443.

Create another rule to block incoming traffic from the guest to the host.

One of the easiest things to do is create a generic rule called DENY_ALL or similar, however set the rule to Allow. This way you can still monitor the traffic and allow it while deciding what needs to actually be blocked and allowed.

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

jawad1987's picture

1) Is this a managed client?
A. This is an unmanaged client.

2) Create one rule to allow the guest access over port 80/443
A. I want to allow all Internet traffic, not just Web traffic.

3) Create another rule to block incoming traffic from the guest to the host.
A. This one is baffling me a bit, because when I try to create a firewall rule, there is only an option for specifying the Remote Host and no option for specifying the Local Host (IP or MAC). So please suggest how I should create this rule.

.Brian's picture

If you know all ports to open then you can add them; otherwise you can add the application that would allow traffic out. I don't remember what it is called in VMware (vmnet?).

Remote host is the only option on unmanaged clients. Create the rule blocking traffic to/from the guest IP.


jawad1987's picture

Brian, how can I import the rule on this unmanaged client if I make a rule on SEPM that allows traffic from source IP 192.168.1.x destined for the internet? Please share the steps.

.Brian's picture

Do you want to make the client managed? I'm not sure you can do this without making the client managed...

You can try exporting the firewall policy from SEPM after you create the rules, and then on the unmanaged client go to Help >> Troubleshooting and under Policy Profile click Import and try to import the firewall policy.


jawad1987's picture

I might add here that an incoming rule will work fine to block any traffic originating from the guest VM that is destined for the host machine. But how do I allow the guest VM to access the internet?

Ajit Jha's picture

Hi, I wonder if the host is able to access the internet. Please post the firewall log.

Regards,

Ajit Jha

Technical Consultant

ASC & STS

Mithun Sanghavi's picture

Hello,

I would suggest you create a case with the Symantec Technical Support department.

How to create a new case in MySupport

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

Hope that helps!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.