Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP RU5 - disable firewall with policy (even if firewall feature is installed) on client

Created: 18 Mar 2010 • Updated: 21 May 2010 | 11 comments
This issue has been solved. See solution.

Hi,

I installed SEP RU5 client on a computer with ALL features.
Has anybody know if it's possible to disable firewall feature with policy ?

Thank you,

Comments 11 CommentsJump to latest comment

Rafeeq's picture

You can withdraw the policy(policies -select firewall-select default firewall policy - at the bottom select withdraw policy) 
Or 
You can disable the firewall by right click on the group disable network threat protection.

Vikram Kumar-SAV to SEP's picture
  1. In the Symantec Endpoint Protection Manager (SEPM) console, under the Clients view, select the Group where you want to apply this policy.
  2. Select Policies tab on right side.
  3. Double-click the Firewall policy and select to Edit Shared when prompted.
  4. In the Firewall Policy window select Rules.
  5. Click the Add Blank Rule button. A blank rule is added to the list.

This create a rule allow all ( equivalent to as firewall off )

OR

as you edit the firewall policy you will see a check box for"Enable this Rule" uncheck that and assign it to all groups.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SOLUTION
JMLamb's picture

Is the client managed or unmanaged? If managed, you can disable the firewall policy that is assigned to group the client resides in. If unmanaged, you can create a rule that permits all traffic if you like.
 
Edit: Didn't refresh the topic before replying. The other options will work just as well.

John Lamb, CISSP CCSK STS SSE+
Lead Technical Architect, Symantec Corporation
Enterprise Security Consulting Services

dricce's picture

Hi,

Thank you for your responses.

I tried:

- To disable network threat protection by right clicking on the group.
That works but SEP client appears in fault (and user can enable firewall as he wants, I don't want that)

- To disable firewall policy by uncheck in this "Enable this policy".
How to know that firewall is really disabled (because SEP client show that firewall is already "enable")

- To withdraw firewall policy of the group.
Same remark as before (I don't know if firewall is really disabled)

What is the difference between the two last procedures (on SEP client) ?

Thank you for your help,

AravindKM's picture

How to block user's ability to disable Symantec Endpoint Protection on Clients

This settings will assure you if you disable from SEPM user will not be able to enable it back.

<<<<To disable firewall policy by uncheck in this "Enable this policy".
How to know that firewall is really disabled (because SEP client show that firewall is already "enable")>>>
This you have to do in SEPM.
In SEPM Go to policy in the overview tab you will get this option.Then assign it to corresponding groups.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

dricce's picture

Hi,

I already do that like I said.
But I'm not sure that firewall is disabled. I want to see that.

In other way: when policy is disabled, what is the result ? Firewall feature is disabled ? Only firewall policy is disabled ?
What happens on SEP clients ?

Thank you,

AravindKM's picture

Removing policy is as same as disabling firewall.it will allow all the traffic through it.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

dricce's picture

Thank you so much for your help !

So I will disable firewall policy with SEPM.

Vikram Kumar-SAV to SEP's picture

If you remove the policy it will mean you have no policy on firewall so it is as good as disabled. 
On the client it will show enabled it will also sniff traffic and packets however it will not take any action against them.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

dricce's picture

Thank you for your clarification !

How do I mark my thread solved ?
I'm looking for that by I don't find it yet !
;-D

AravindKM's picture

click on "mark as solution" in the post which the post found as solution.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind