SEP for Small Business - Firewalls - To Use or Not to Use???
Created: 11 Feb 2011 | 10 comments
The installation documentation for SEP for SB 12 appears a bit unclear as to whether or not Windows firewalls should be utilized. Am I correct in my understanding that they are to be used in conjunction with SEP (with the specified ports opened/enabled) or should they be turned off altogether in lieu of SEP's protection?
What is the "best practice" for firewalls?
Thanks!
Discussion Filed Under:
Comments
See -
See -
About Windows Firewall and Symantec Endpoint Protection's NTP
Best Practice
It is best practice that only one software firewall should be run on a computer. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Enabling more than one firewall program is likely to result in conflicts and poor performance.
http://www.symantec.com/business/support/index?pag...
Use either SEP firewall or
Use either SEP firewall or Windows Firewall not both. However SEP firewall is far better and easier to Administer than Windows Firewall.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Security Center
I was running SEP11 with WF turned off in Group Policy. After upgrading the clients to SEPSBE12 (with NTP), their Security Center started alerting that Endpoint Protection was reporting that the firewall was off. This implies that SEPSBE12 wants WF enabled. Yeesh.
My "solution" was to disable the Security Center in Group Policy.
This doesn't sound right.
There is no way to upgrade from SEP 11 Enterprise to SEP 12 Small Business. Also in order for the NTP firewall to complete its installation the system needs to be restarted, otherwise our driver is not running and thus no firewall until after reboot.
Also, SEP SBE is based on an older build of SEP 11 and there were previous known issues with Windows Security Center not recognizing either our firewall status, or in some instances the the Antivirus status.
Kurt G.
Symantec Technical Specialist: Endpoint Security Advanced Team
Symantec Corporation www.symantec.com
Symantec Enterprise Support: (800) 342 0652
Kurt, thanks for the
Kurt, thanks for the reply.
From a licensing point of view, Symantec calls it a "xgrade" (crossgrade?). From an installation point of view, the client install package recognized the existing product and removed it first. The server/manager was new. I'm aware NTP doesn't load until after a restart, but this didn't fix the Security Center problem.
SEPSBE12 is based off SEP11 and not SEP12? Nice. I suppose that was a marketing decision.
SEP 11 to SEP 12 Small
SEP 11 to SEP 12 Small Business Edition is not an upgrade. These are two diffferent products. As Kurt stated, SEP 12 built off an older version of SEP 11. Why the move from SEP 11? Were you running the latest version (RU6 MP2)?
BTW, SEP 12.1 for Enterprise is due out in the second half of the year.
http://www-uat.ges.symantec.com/business/theme.jsp...
Money and Time
I've used SEP11 since it's initial release all the way up to RU5. I appreciate the simpler manager console in SBE. What prompted me to try it was the lower licensing costs, but so far there's nothing I miss about 11.
I agree with you on the
I agree with you on the manager of SEP12 . It is very simple and easy to set up. It was designed that way with small business owners in mind. Many small businesses do not have the money or resouces to staff an IT department.
Another product to consider is the Symantec Endpoint.cloud product. Your manager sits in the cloud and this means there is no need for you to dedicate a server for the purpose of managing clients.
Check it out here - http://www.messagelabs.com/products/hosted_endpoint/
30 day free tial - http://buy.symanteccloud.com/estore/mf/smbTrialwarePage?sfid=9RCJNw6htVRWBdny8Yhy0Mb6y542tYzhzTJ7wfLdl2lrYnfndyv6!-1016563177!1299249722954
Please Consider This...
Hello,
Whatever case it is, if you still have some endpoints to which you want to deploy SEPSBE12 agent, please consider enabling and installing the Network Threat Protection (NTP) module as well. Before installation, you may disable any firewall policies on those new agents (and they ARE disabled by default), but make sure to include this NTP module in your forthcoming installations... Otherwise, your Symantec Protection Center (SPC) will simply see them as "disabled" endpoints and also they will simply refuse any policy changes that you may do later on (because the SPC will "think" they are not working).
Wish you all the luck...
Originally, all firewalls didn't block outbound network traffic.
In earlier versions of Windows, the Firewall was an inbound only firewall. Microsoft purchased Giant Software and initially the new product was named "Windows Defender". It was shown that if you had Windows Defender running and no Anti-Virus / Anti-Malware, Windows Defender still managed to block outbound "requests" of the installed malware -- almost as good as disconnecting your PC from the network.
Today, both Microsoft and Symantec have two-way firewalls with the latest versions. Manage your exceptions (what you will allow to leave your PC) and you get the benefits that the outbound firewalls like Giant / Defender intended.
That said, you can choose the Symantec firewall for the management interface and this helps when you are dealing across different WIndows versions as you bring your Windows desktops to a common release since most of us are in the state where we still have some Windows XP and Windows 7 mixed environments.
Good luck.
Would you like to reply?
Login or Register to post your comment.