Endpoint Protection Small Business Edition

 View Only

  • 1.  SEP Firewall blocking connection with Exchange server

    Posted Aug 13, 2015 10:07 AM

    I'm currently having an issue with a users laptop. I can only connect to the Exchange server if the Network Threat Protection Firewall is disabled. When disabled, I can connect Outlook and ping the server. Once I turn it back on, nothing from either. I've tried creating a rule to allow all, but that didn't work. Has anyone seen this before?



  • 2.  RE: SEP Firewall blocking connection with Exchange server

    Posted Aug 13, 2015 10:09 AM

    Check the traffic log and what exactly is being blocked?

    What version of SEP is this?



  • 3.  RE: SEP Firewall blocking connection with Exchange server

    Broadcom Employee
    Posted Aug 13, 2015 10:09 AM

    What's the SEP client version? Meanwhile upload traffic logs present under NTP --> View logs--> Traffic logs

    Only issue with single client? Other clients can connect without any issue?



  • 4.  RE: SEP Firewall blocking connection with Exchange server

    Posted Aug 13, 2015 10:22 AM

    Here's an entry to the server that it's blocking the connection to. Even if I go in and turn off the Blobk Ipv4 LLMNR rule it still doesn't work. Version is 12.1.2015.2015. It is only one user having this problem. 

     

    8/13/2015 10:05:36 AM    Blocked    3    Incoming    UDP    ptmail1.pt.mccormicktaylor.com [192.0.5.9]    28-80-23-A1-51-00    63024    224.0.0.252    01-00-5E-00-00-FC    5355    C:\Windows\System32\svchost.exe    NETWORK SERVICE    NT AUTHORITY    Default    2    8/13/2015 10:04:32 AM    8/13/2015 10:04:32 AM    Block Ipv4 LLMNR  



  • 5.  RE: SEP Firewall blocking connection with Exchange server

    Posted Aug 13, 2015 10:28 AM

    224.0.0.x is a multicast address. Should have nothing to do with comms between client and exchange server.

    Follow this guide for troubleshooting

    Troubleshoot blocked network traffic due to the Endpoint Protection firewall

    There may be one fw rule (the last one) 'Block all other traffic and don't log'...enable logging for it. I bet the traffic is hitting that rule and not being logged.



  • 6.  RE: SEP Firewall blocking connection with Exchange server

    Posted Aug 13, 2015 10:38 AM

    Here's the latest that says it's allowed, but it really isn't, because it's still not working. This appeared after applying the Allow All Test rule. 

    8/13/2015 10:33:13 AM    Allowed    3    Outgoing    TCP    ptmail1.pt.mccormicktaylor.com [192.0.5.9]    28-80-23-A1-51-00    7806    192.0.5.77    B8-6B-23-64-D3-7B    49343    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE    gl    MTA-PT    Default    1    8/13/2015 10:32:50 AM    8/13/2015 10:32:50 AM    Allow All Test    

     



  • 7.  RE: SEP Firewall blocking connection with Exchange server

    Broadcom Employee
    Posted Aug 13, 2015 01:40 PM

    Hi,

    Verify affected machine is under the same SEPM group where other working machines are listed , Assign new firewall default policy to affected machine.

    If possible copy all the Traffic logs into excel sheet and attach it here.

     



  • 8.  RE: SEP Firewall blocking connection with Exchange server

    Posted Aug 13, 2015 02:10 PM

    How is the rule written? Did you allow host to host communication? Specific port only?

    Would prefer to see the full log for this.