Endpoint Protection

 View Only
  • 1.  SEP firewall requirements

    Posted Jun 16, 2015 07:50 AM

    Hey Guys,

    We are looking forward to enable firewall protection on Windows servers running different versions including some Windows 2000 machines as well. I would like to know below information for assessment to share with relevant teams for firewall implementation plan.

    1. Is there any threshold criteria (like in case of IPS it is suggested to run it on server with traffic less than 300Mbps) for CPU, Memory and network bandwdith usage for smooth functionining of SEP firewall.

    Regards,



  • 2.  RE: SEP firewall requirements

    Posted Jun 16, 2015 07:52 AM

    No,

    Installation best practices for Endpoint Protection on Windows servers

    https://support.symantec.com/en_US/article.TECH92440.html



  • 3.  RE: SEP firewall requirements

    Posted Jun 16, 2015 07:53 AM
    Firewall should be fine. How many rules will you have? The more rules you have the bigger the chance for issues. Have you tested this out?


  • 4.  RE: SEP firewall requirements

    Posted Jun 16, 2015 08:04 AM

    First we will start off with default rules and then we will create separate groups for specific servers running different applications so that not all rules are applied on all the servers regardless of services implemented.

    Below mentioned requirements are exclusively for IPS. I would like to know if this applies for firewall as well which I doubt because firewall is lesser intense than IPS. Kindly suggest and confir.

    • Average CPU utilization of 35% or more
    • Average TCP/UDP throughput of 300 Mbps or more
    • Use of NIC teaming technology

    Regards,

     



  • 5.  RE: SEP firewall requirements

    Posted Jun 16, 2015 08:09 AM

    Those figures only apply to IPS, firewall should be fine.

    A good article to keep handy though for firewall is here:

    Troubleshoot blocked network traffic due to the Endpoint Protection firewall



  • 6.  RE: SEP firewall requirements

    Broadcom Employee
    Posted Jun 17, 2015 12:31 PM

    Yes, it specifically applies for IPS implementation.

    If it's applicable then can result in lowered network service response times, network outages, and in extreme cases, Operating System crashes. If a server meets one or more of these criteria, Symantec recommends testing the SEP client on a server in a lab environment that can simulate peak production demands on the system in order to determine whether using IPS is feasible.