
SEP FW does not match subnet where SEPM server is located

Created: 22 Apr 2013 • Updated: 23 Apr 2013 | 7 comments
rtorvenyi's picture
This issue has been solved. See solution.

Hello,

I need an answer.

The SEPM server is in a different VLAN than the clients.

I have created a firewall rule where there are only 2 rules:

1 Allow all outgoing

2 Block all

These rules should block any incoming packets. It works, but not from the subnet where the SEPM server is located. From this subnet, I can ping, telnet... everything.

Is this a feature or a bug?

 

Rudolf


.Brian's picture

What is the Traffic log showing?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

rtorvenyi's picture

I don't see the traffic from the SEPM subnet. Only traffic other than the SEPM subnet.

Strange.

.Brian's picture

Follow the instructions here for enabling TSE debugging:

How to debug the Symantec Endpoint Protection client

Article: TECH102412 | Created: 2007-01-06 | Updated: 2013-03-27 | Article URL: http://www.symantec.com/docs/TECH102412

Should give us a better idea of what is going on.


Swapnil khare's picture

It is a feature of the firewall; however, check the ports and rules which say allow.

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

 

rtorvenyi's picture

Allow all is only for outgoing traffic.

Everything else should be blocked.

Swapnil khare's picture

I mean allow all.

 


 

rtorvenyi's picture

Problem solved.

I have exported the policy profile as XML. There was an unregulated_host_group in the HostGroupZones.

It was the IPS policy, where a subnet exclude was set.

 

Rudolf

SOLUTION