Video Screencast Help

SEP 12.1.3 firewall problem with iSCSI

Created: 11 Oct 2013 | 8 comments
Elements_Media's picture

HI @ all

Since we are running SEP12.1.3 on the servers, we are facing problems with iscsi. Even if there is no rule available on the SEP firewall (all ports are open), if I want to backup a isci connected drive with backup exec, it has a throughput of 16mb per minute. As soon as I disable the firewall, the performance rapidly increases. With SEP12.1.2 and SEP12.1 we haven’t had such problems. (To uninstall the firewall is no solution for us, even if the module isn’t used because of the policies/rules)

Thanks for you help!

Operating Systems:

Comments 8 CommentsJump to latest comment

Mithun Sanghavi's picture


In your case, I would suggest you to create a case with Symantec Technical Support.

Check these Steps below:

How to create a new case in MySymantec

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers:

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ᗺrian's picture

Open a case as suggested. Be prepared to run the symhelp tool with advanced debugging and packet captures. Supoprt will walk you thru doing this:

How to use the advanced debug logging options for the Symantec Endpoint Protection client in SymHelp

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH207795 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2013-06-27 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2013-09-18 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SteveTanti's picture

I've found the same thing.

I've logged a case and am in the middle of escalation to higher support.

My case # is 04822025 if you'd like to link into it.

I found that when the firewall was enabled I got about 40% degradation in throughput on Windows OS mounted iSCSI LUNs. (I'm in VMware ESXi 5.1, Windows 2008 R2 Guest OS using a NIC dedicated to iSCSI over 10GbE back-end network).

I found even greater impact (60-70%) when using 1500MTU, and it dropped to 40% hit when using 9000 MTU.



pete_4u2002's picture

is IPS also installed on the machine?

you may want to check this article and uninstall IPS if the server is busy server

Best Practices for employing Intrusion Prevention System (IPS) to high-availability/high bandwidth servers.

SteveTanti's picture

Thanks, I hadn't seen that, and something to keep in mind.

I did a whole swathe of tests using SQLIO tool to simulate 8K and 64K IO with increasing installs of SEP components (no SEP, basic AV, Proactive Threat Protection, IPS and Firewall).

All the way up to enabling the firewall policy, I got 0-5% decreases in IO. As soon as I enabled the firewall policy the throughput and IOps dropped by about 40%.

It made it a little better if I put a rule up the top to allow traffic to/from the iSCSI share, but not enough to make the DBAs happy to use it as their database and log drives and having the firewall enabled.

I was hoping that we'd be able to exclude specific adapters from IPS/Firewall as they're dedicated VLANs/NICs for iSCSI traffic, but it doesn't seem that is possible at this point.



pete_4u2002's picture

 you can put centralized for the DB used, however it's effective for AV scan.

pmajon's picture

We had the same issue and this thread helped us solve it. Thanks for the post. We have a Promise VessRAID 1840i iSCSI NAS that experienced slow/frozen file transfers as a result of upgrading from SEP 12.1.1 to SEP 12.1.4 on the file server that it's connected to. Disabling the SEP firewall solved the issue. We are in the process of uninstalling the SEP firewall from our file servers and rebuilding a distribution install for our clients without the firewall option.

Symantec has always had trouble developing a reliable firewall. The internal Windows Firewall works well and can be customized via Group Policy so there is little reason to use Symantec's solution other than for reporting.

AjinBabu's picture


As per my personal experience keep only AV protection only highly utilized servers