Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

SEP FW does not match subnet where SEPM server is located

Jump to Best Answer

1. SEP FW does not match subnet where SEPM server is located

0 Recommend
Migration User
Posted Apr 22, 2013 09:43 AM

Reply Reply Privately
hello,

I need an answer.

SEPM server is in different VLAN then clients.

I have created a firewall rule where are only 2 rules:

1 Allow all outgoing

2 Block all

These rules should block any incoming packets. It works but not from the subnet where is the SEPM server located. From this subnet, I can ping, telnet...everything.

Is this a feature, or bug?

Rudolf
2. RE: SEP FW does not match subnet where SEPM server is located

0 Recommend
ℬrίαη
Posted Apr 22, 2013 09:46 AM

Reply Reply Privately
What is the Traffic log showing?
3. RE: SEP FW does not match subnet where SEPM server is located

0 Recommend
Migration User
Posted Apr 22, 2013 09:52 AM

Reply Reply Privately
I mean allow all .
4. RE: SEP FW does not match subnet where SEPM server is located

0 Recommend
Migration User
Posted Apr 22, 2013 09:52 AM

Reply Reply Privately
It is a Feature of Firewall however check the ports and rules which says allow .
5. RE: SEP FW does not match subnet where SEPM server is located

0 Recommend
Migration User
Posted Apr 22, 2013 09:58 AM

Reply Reply Privately
I don't see the traffic from the SEPM subnet. Only traffic other then SEPM subnet.

strange
6. RE: SEP FW does not match subnet where SEPM server is located

0 Recommend
Migration User
Posted Apr 22, 2013 09:59 AM

Reply Reply Privately
Allow all is only for outgoing traffic.

Everything else should be blocked
7. RE: SEP FW does not match subnet where SEPM server is located

0 Recommend
ℬrίαη
Posted Apr 22, 2013 10:03 AM

Reply Reply Privately
Follow the instruction here for enabling TSE debugging

How to debug the Symantec Endpoint Protection client

Article:TECH102412 | Created: 2007-01-06 | Updated: 2013-03-27 | Article URL http://www.symantec.com/docs/TECH102412

Should give us a better idea of what is going on
8. RE: SEP FW does not match subnet where SEPM server is located
Best Answer

0 Recommend
Migration User
Posted Apr 23, 2013 05:49 AM

Reply Reply Privately
problem solved.

I have exported the policy profile as xml. There was a unregulated_host_group in the HostGroupZones

It was the IPS policy, where an subnet exclude was set

Rudolf

Endpoint Protection

SEP FW does not match subnet where SEPM server is located

Migration UserApr 22, 2013 09:43 AM

ℬrίαηApr 22, 2013 09:46 AM

Migration UserApr 22, 2013 09:52 AM

Migration UserApr 22, 2013 09:52 AM

Migration UserApr 22, 2013 09:58 AM

Migration UserApr 22, 2013 09:59 AM

ℬrίαηApr 22, 2013 10:03 AM

Migration UserApr 23, 2013 05:49 AMBest Answer

1. SEP FW does not match subnet where SEPM server is located

2. RE: SEP FW does not match subnet where SEPM server is located

3. RE: SEP FW does not match subnet where SEPM server is located

4. RE: SEP FW does not match subnet where SEPM server is located

5. RE: SEP FW does not match subnet where SEPM server is located

6. RE: SEP FW does not match subnet where SEPM server is located

7. RE: SEP FW does not match subnet where SEPM server is located

8. RE: SEP FW does not match subnet where SEPM server is located Best Answer

8. RE: SEP FW does not match subnet where SEPM server is located
Best Answer