Endpoint Protection

  • 1.  SEP Firewall (Ask) Policy

    Posted Mar 03, 2010 01:03 PM
    All,
    I'm working on a firewall policy that includes traffic that I have approved but would like to have a rule just above the "block all" policy that will request the user to allow or deny.
    I have created the policy with an "ASK" action and when the traffic is detected it does request the user to allow or deny.  My question is... When it asks me to allow or deny, it states the program and the port, but if you click on yes to allow, it creates a rule that allows the program to connect on ALL ports incoming and out. Why??? I have a problem with this logic... for example, I create an "ask" policy for non-standard ports for Internet Explorer and the user is in a hotel and the hotel has wireless that needs authentication on port 1111. So when the user opens Internet Explorer it asks them to allow or deny Internet Explorer to connect to x.x.x.x:1111. The user clicks on yes; now Internet Explorer can connect not only on port 1111 but any port 1-65535!


  • 2.  RE: SEP Firewall (Ask) Policy

    Posted Mar 03, 2010 01:08 PM
     Well this is the logic and we cannot change it.

    It will ask you only once for one application. Once allowed that port is allowed.
    That's the reason when the ASK box pops up it does ask if you want to allow it just for this time.


  • 3.  RE: SEP Firewall (Ask) Policy

    Posted Mar 03, 2010 02:51 PM
    I understand that if it asks me to allow Internet Explorer on IP 10.10.10.10 using port 1111 then yes, it should be allowed because I click on yes, but the IP and port info is not stored. It is just allowing Internet Explorer, period. So if I want to connect to 10.10.10.2 using port 2222 (again using Internet Explorer) I'm never asked because the previous (ask) has allowed Internet Explorer to all IPs and ports. It should ask me on every new IP and every new port.


  • 4.  RE: SEP Firewall (Ask) Policy

    Posted Mar 03, 2010 02:54 PM
    In my experience, what you're wanting sounds good but ends up being worthless. It's difficult to manage and most users end up clicking yes anyways just to get rid of pop messages.


  • 5.  RE: SEP Firewall (Ask) Policy

    Posted Mar 03, 2010 02:57 PM
    If you want that level of granular control for the end-users, I'd suggest posting it in the ideas area.


  • 6.  RE: SEP Firewall (Ask) Policy

    Posted Mar 03, 2010 03:01 PM
    I would agree... it isn't feasible in a large environment where every user will get a pop-up to block or allow every minute using the internet.

    However, your suggestion is worth an IDEA.

    Please post this Idea here:
    https://www-secure.symantec.com/connect/security/ideas

    So that Symantec Development Team can review it.



  • 7.  RE: SEP Firewall (Ask) Policy

    Posted Mar 04, 2010 10:20 AM
    I would agree, but there is the potential that your more technical users, especially people who administer other computer systems, might be capable of properly using a firewall that was configured like that.