Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP -unmanged computer

Created: 06 Nov 2012 • Updated: 06 Nov 2012 | 13 comments

Hello it a simple question about Symantec Endpoint unmanaged computers.I use SEP as firewall in Windows 8 .My firewall is turn off .But my problem is how I can use rules to ICMP .I would like to use (ping and tracert) but my problem is is I pass ICMP code 0 --8 (ping ,tracert ) work well .

But my system is visible .Scaner nping see my computer .Computer is passing  icmp-code 0 icmp-type 0 .Please help .

 

Discussion Filed Under:

Comments 13 CommentsJump to latest comment

.Brian's picture

So you want to block this type of traffic?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Simpson Homer's picture

 

Problem

How to add a rule in a Symantec Endpoint Protection client firewall to allow an unmanaged client to accept Ping.
 

Solution

To add a rule in the firewall polices:
  1. Open the Symantec Endpoint Protection client interface
  2. Select Status
  3. Click Options for "Network Threat Protection"
  4. Select Configure Firewall Rules
  5. Click Add
  6. Type a name for the new rule (Example: "Allow ICMP" )
  7. Under "Action", select Allow this traffic
  8. Select the network interface card that you want this rule applied to.
    • Note: If you want this rule to always run, select Apply this rule while the screen saver is On and/or Off.
  9. Go to the Hosts tab
  10. Select Apply this rule to and select where you want this rule applied. (The default is "All hosts")
  11. Go to the Ports and Protocols tab
  12. Click on the Dropdown menu and select the ICMP
    • In the sub menu, select Echo Request – 8 and Echo Reply - 0 (you may select others that you need for your environment)
  13. Click OK

 

https://www-secure.symantec.com/connect/forums/unmanaged-client-stops-echo-requests-vlan

 

Mithun Sanghavi's picture

Hello,

To simplify your doubt.

Please Correct me if I am wrong... 

Environment: Windows 8 and SEP 12.1 RU2 Beta Unmanaged client with all Features.

Query:  

Want to Create Firewall rule to Stealth option .

  • Block / Log all incoming
  • Allow all outgoing include (ICMP ,TCP/IP,UDP) (Application - Skype, firefox, ping,)

Issue :

After rules are created to allow " icmp" (ping,tracert) for both out/in the ping works.

However, when running Online Scanner nmap, it detects ports to be open.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

kolor's picture

1.Yes I use SEP 12.1.1989.1989

2.Yes I want to Stealth option

3.Block / Log all incoming

4.Allow all outgoing include (ICMP ,TCP/IP,UDP) (Application - Skype, firefox, ping,All my application) YES exactly

5.YES I create ICMP both (ping,tracert)

6.Ping ,tracert ---not work

============================================

 

Jason1222's picture

Kolor,

You created your rules.

You are alloowing outgoing pongs and tracerts?

Now, you are trying to test, but are you testing to a machine, but does that machine have the same settings?

Meaning, are you trying to ping or tracert to a machine that has ICMP echo traffic disabled?

Can you, for example, from that machine ping google.com?

Are you receiving any error messages when trying to ping out?

Can another machine ping the machine you are trying to stealth?

 

 

kolor's picture

MY rules

1.Block incoming traffic

2.Allow outcoming all

3.Allow ICMP  0,3,4,5,8,9 alllllllll   (ping,tracert ) both traffic 

 

Yes I ping www.google.pl  without respond

YES ww.ping.eu   ping me not work

  SEP show me ntoskrnl.exe has blocked

Chetan Savade's picture

Hi,

Could you please confirm what challenges are you facing while creating this rule?

We have tested with unmanaged client (beta version) & steps are as per the following.

SEP unmanaged client GUI --> NTP --> Click on Options --> Select Configure firewall rule --> click on add --> Provide the name to the rule -->Select the desired action (allow or block) -->Keep default firwall settings -->Go to ports & protocols --> Select ICMP --> Now select Echo reply (0), Echo request (8), Time Exceeded for datagram (11)--> Move this rule to the top of the available rules.

Now you should see general message failure while doing ping request.

Screenshot it attached to the reference.

Let us know if you need more help on this.

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

kolor's picture

Ok it means it my Windows 8 will be firewall stealth mode it yes your opinien .

What abut this .Try in your system .ANd tell my your Firewall pass or block .

 

  http://nping.online-domain-tools.com/

 

--icmp-type 0  --icmp-code 0    Yours Firewall IP  .

kolor's picture

There is someone who help my to create good rules to by my Window 8 as firewall stealth mode.

The main problem is with "ICMP " how I may passing this move .

Mithun Sanghavi's picture

Hello,

I would suggest you to create a Case with Symantec Techical Support for a quick troubleshooting and solution.

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000
 
Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

John Santana's picture

and don't forget to keep us updated with the solution :-)

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

kolor's picture

Hi I was call to US but I don't understand this adviser .My English is to Bad to understand .And I think this adviser was from INDIA or Pakistan .He conect me from NORTON service .he he

 

Yes problem is still leaving .I try to ask in Poland Adviser .But Polsih man told me it's very diffical allow to pass ICMP code 3 with safe entry .Scanner nmap see your system .

acually rules ##################firewall stealth mode#############

1.Allow ICMP ---0,11 incomming

2.Allow ICMP --8 --outgoing 

##### ping.tracert work well ####

3.ICMP--both--block 1,2,3,4,5,6,ALL

4.Allow outgoing (firefox,skype)

5.Block incoming

################################This man help my ""elisha_riedlinger"" #######

But the issue still alive.ICMP code 3 ----how pass with safer mode .

SEP symantec it isn't edge firewall and it difficall to use rules .

 

kolor's picture

SYMANTEC website

#######################################################

Failure of server APACHE bridge:
Port number in WebLogicCluster parameter specified in httpd.conf is not an integer less than 65535, or servers are not specified correctly. Cannot continue.
Build date/time: Apr 20 2009 15:29:34
Change Number: 1211636

#####################################################3