
SEP Firewall as WAF

Created: 30 Jan 2013 | 6 comments

Can anyone comment on the effectiveness of the Symantec Endpoint Protection 12.1 firewall function on a server with a public-facing website? Does it effectively function as a WAF (Web Application Firewall)? Or is a true WAF a product that is more specifically tailored for deployment on a server hosting public websites? I'm looking to provide protection against malware attacks (SQL injection / css scripting) developed to exploit the encryption (https / ssl) environment. IPS and Firewall work on non-encrypted traffic and via access-list rules, but ours are not encrypted traffic smart.


.Brian's picture

Yes, you would definitely need a true WAF. In this case, the SEP IPS component would come into play and it's only as good as the signatures it has.

SEP IPS will catch XSS/SQL injection, but that's only if a signature is available. XSS/SQL injection can be manipulated to get around traditional signatures. A true WAF will give you much more flexibility.

You could write custom IPS signatures in SEP, so this may help out more and let you be flexible as well.

About custom IPS signatures

Article:HOWTO80930  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80930

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
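The point above about signatures, as an added example that is not part of the original thread and is not SEP IPS syntax: a literal signature is compared with the same rule applied after WAF-style input normalization. The patterns, function names and sample query strings are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical literal content match, in the style of a simple IPS signature.
LITERAL_SIG = re.compile(r"union select")
# Same intent, written to run on normalized input with flexible whitespace.
NORMALIZED_SIG = re.compile(r"\bunion\s+(all\s+)?select\b")

def normalize(raw: str, max_rounds: int = 3) -> str:
    """Canonicalize a query string before rule matching."""
    text = raw
    for _ in range(max_rounds):              # undo nested URL encoding
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # SQL comments -> space
    text = re.sub(r"\s+", " ", text)         # collapse runs of whitespace
    return text.lower()                      # case-fold

def literal_match(raw: str) -> bool:
    return bool(LITERAL_SIG.search(raw))

def waf_match(raw: str) -> bool:
    return bool(NORMALIZED_SIG.search(normalize(raw)))

# Constructed query strings: (input, should_be_flagged)
SAMPLES = [
    ("id=1 union select name from users", True),
    ("id=1+UNION+SELECT+name+from+users", True),
    ("id=1%20UnIoN%20SeLeCt%20name", True),
    ("id=1%2520union%2520select%2520name", True),
    ("id=1/**/union/**/select/**/name", True),
    ("q=student+union+selects+a+president", False),  # benign look-alike
]

def evaluate():
    """Return (input, expected, literal_result, normalized_result) rows."""
    return [(s, want, literal_match(s), waf_match(s)) for s, want in SAMPLES]

if __name__ == "__main__":
    for s, want, lit, waf in evaluate():
        print(f"expected={want!s:5} literal={lit!s:5} normalized={waf!s:5} {s}")
```

Either form of matching only works at a point where the request is available in clear text, which is the HTTPS concern raised in the question.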

.Brian's picture

No, not to my knowledge.


SebastianZ's picture

Yes, you would definitely need a WAF firewall for that purpose. The firewall provided in SEP is practically only host-based and not designed to protect the hosting of public websites.

cus000's picture

Definitely not recommended to use SEP as "WAF"....

one would always think of multi-layered defense... so get another box or two  ;)

JS@support's picture

Hello,

You would require a WAF. SEP should be used in the network to protect from malicious attacks, while to protect from the outside network you definitely need some more layers of defence.

Can think of a WAF or even a hardware firewall, Squid server, etc.