SEP 12.1.2 Firewall blocks UMTS traffic

Created: 22 Mar 2013 | 11 comments
rjac's picture

Hey there, anyone experiencing problems with UMTS connections and SEP firewall on Windows 7 clients since they've updated SEP 12.1 to SP2?

We are facing an issue where Windows 7 clients, which should connect over UMTS sticks while they're not in the internal LAN, are getting their traffic blocked by the SEP firewall. If we deactivate the firewall, it works like a charm.

The whole thing worked with SEP 12.1 SP1 too... on XP machines it is still working, even with SP2. No policies were changed though.

.Brian's picture

You will likely need to add an exception to allow this.

Post the traffic log here for review. Make sure to try it, then note the time so we can narrow it down.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Check which firewall rule is blocking it.

You can check that on the client by viewing the NTP logs.

Check the rule which is blocking, too.

You might need to add an exception.

Mithun Sanghavi's picture

Hello,

Download and install the Microsoft Hotfix:

When you use a VPN connection that uses Smart Card authentication on a client computer that is running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2, the computer stops responding
http://support.microsoft.com/kb/975212
 

Windows 7/Windows Server2008 R2 SP1    All (Global)    x86     SP2    Fix378942
Windows Vista                          All (Global)    x86     SP3    Fix289341
Windows 7/Windows Server2008 R2 SP1    All (Global)    x64     SP2    Fix378942
Windows Vista                          All (Global)    x64     SP3    Fix289341
Windows Vista                          All (Global)    ia64    SP3    Fix289341
Windows 7/Windows Server2008 R2 SP1    All (Global)    ia64    SP2    Fix378942

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Could you please post the traffic logs from the affected machine (NTP traffic logs)?

It's important to identify which rule is blocking.

I believe the last rule, 'block all', is doing this; however, it's important to check.

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

rjac's picture

I attached the traffic log. It's short, but from an affected machine where it was tested recently.

Attachment: Datenverkehrprotokoll.zip (1.64 KB)

Chetan Savade's picture

Hi,

I think the logs are in German. However, as per the logs, it seems there is a rule by the name 'All of the remaining IP traffic monitor and block'. This rule is blocking the traffic. Is it the last rule?

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

SebastianZ's picture

The rule "Gesamten restlichen IP-Datenverkehr blockieren und protokollieren" blocks here both incoming and outgoing traffic for UDP connections.

You can enable some additional debugging on this client - TSE advanced debug - this will give you some more detailed information on what protocols are being blocked here - then you can set allow rules accordingly for those protocols.

http://www.symantec.com/docs/TECH102412

rjac's picture

Hi Sebastian, the weird thing is, UDP traffic is allowed for all adapters (attached screenshot) and the same rule is used on Windows XP clients and it works there with UMTS adapters.

firewallrule.jpg
SebastianZ's picture

Can you enable logging for allowed traffic on one of the XP machines and compare the port ranges the XP is using there for a successful connection (if the same allow rule is really working there) - maybe there is some difference?

In the screenshot I see you set the UDP local from port 1024 and above - but when checking the logs it seems some of the blocks are for connections on lower local ports (67,137,138).

 

The port 68-67 communications blocked seems to be the DHCP traffic:

42    15.03.2013 14:20:16    Blockiert    15    Eingehend    UDP    192.168.162.23    9E-24-41-70-21-D6    68    255.255.255.255    FF-FF-FF-FF-FF-FF    67                Extern    1    15.03.2013 14:20:02    15.03.2013 14:20:02    Gesamten restlichen IP-Datenverkehr blockieren und protokollieren  
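
The comparison described in the post above (blocked log entries against the allow rule's local port range), as an added example that is not part of the original thread. It assumes the column order inferred from the quoted entry (remote host, MAC and port before local host, MAC and port, rule name last) and the allow rule boundary of UDP local port 1024 mentioned above; only the first sample line comes from the thread, the rest are constructed.

```python
import re
from collections import Counter

# Well-known UDP ports named in the thread (67/68, 137, 138).
SERVICES = {67: "DHCP server", 68: "DHCP client",
            137: "NetBIOS name", 138: "NetBIOS datagram"}
ALLOW_UDP_LOCAL_MIN = 1024  # assumption: allow rule covers UDP local ports >= 1024

# First entry is the one quoted in the thread; entries 43-45 are constructed samples.
SAMPLE_LOG = """\
42    15.03.2013 14:20:16    Blockiert    15    Eingehend    UDP    192.168.162.23    9E-24-41-70-21-D6    68    255.255.255.255    FF-FF-FF-FF-FF-FF    67                Extern    1    15.03.2013 14:20:02    15.03.2013 14:20:02    Gesamten restlichen IP-Datenverkehr blockieren und protokollieren
43    15.03.2013 14:20:18    Blockiert    15    Ausgehend    UDP    192.0.2.255    FF-FF-FF-FF-FF-FF    137    192.0.2.10    02-00-00-00-00-01    137    Extern    1    15.03.2013 14:20:05    15.03.2013 14:20:05    Gesamten restlichen IP-Datenverkehr blockieren und protokollieren
44    15.03.2013 14:20:19    Blockiert    15    Ausgehend    UDP    192.0.2.255    FF-FF-FF-FF-FF-FF    138    192.0.2.10    02-00-00-00-00-01    138    Extern    1    15.03.2013 14:20:06    15.03.2013 14:20:06    Gesamten restlichen IP-Datenverkehr blockieren und protokollieren
45    15.03.2013 14:20:21    Blockiert    15    Eingehend    TCP    192.0.2.20    02-00-00-00-00-02    50123    192.0.2.10    02-00-00-00-00-01    445    Extern    1    15.03.2013 14:20:07    15.03.2013 14:20:07    Gesamten restlichen IP-Datenverkehr blockieren und protokollieren
"""

def parse_entry(line):
    """Split one exported line. Empty columns collapse when splitting on runs of
    spaces, so the leading fields are indexed from the front and the rule name
    from the end."""
    f = re.split(r"\s{2,}", line.strip())
    if len(f) < 13:
        return None
    try:
        return {"action": f[2], "direction": f[4], "protocol": f[5],
                "remote_port": int(f[8]), "local_port": int(f[11]), "rule": f[-1]}
    except ValueError:  # e.g. entries without numeric ports
        return None

def blocked_outside_allow_rule(log_text):
    """Count blocked UDP entries whose local port the allow rule does not cover."""
    hits = Counter()
    for line in log_text.splitlines():
        e = parse_entry(line)
        if not e or e["action"] != "Blockiert" or e["protocol"] != "UDP":
            continue
        if e["local_port"] < ALLOW_UDP_LOCAL_MIN:
            hits[(e["local_port"], e["rule"])] += 1
    return hits

def report(log_text):
    """One summary line per (local port, blocking rule) pair."""
    return [f"UDP local port {port} ({SERVICES.get(port, 'unknown')}): "
            f"{n} blocked by '{rule}'"
            for (port, rule), n in sorted(blocked_outside_allow_rule(log_text).items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Running the same summary over an XP client's log with allowed traffic logged shows whether the two platforms really use the same local ports.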

AjinBabu's picture

Hi,

Take the log from the SEPM associated with the client, identify the rule which is blocking, make the necessary exceptions, test it and roll it out.

Regards

Ajin