Video Screencast Help

SEP upgrade 11.x to 12.1 RU1 enables windows firewall

Created: 21 Sep 2012 • Updated: 26 Sep 2012 | 35 comments
This issue has been solved. See solution.

11.x client with only AV component installed.

Upgraded to 12.1 RU1 and the windows firewall became enabled (is turned off by default)

Why?

Comments 35 CommentsJump to latest comment

pete_4u2002's picture

did you upgrade only AV in sep 12.1?

was NTP component included?

yuri_c's picture

Yes, only upgraded AV component.

No, NTP not included. These are high availability boxes so only AV goes on them.

Ashish-Sharma's picture

Hi,

When You will Install NTP Componet.Windows firewall automatic Disabled

Thanks In Advance

Ashish Sharma

 

 

yuri_c's picture

These are for NTP. I don't use NTP on these boxes and never have.

pete_4u2002's picture

did you check the event viewer for application, was firewall enabled immediately after the SEP upgrade?

 

pete_4u2002's picture

Is the NTP policy enabled? whats the setting the integration of windows firewall in the firewall policy?

Ashish-Sharma's picture

Hi,

When we will be install NTP feature Windows firewall automatic turn off.

But In your case You can't install NTP feature Windows firewall automatic enable.

About Windows Firewall and Symantec Endpoint Protection's NTP

http://www.symantec.com/business/support/index?page=content&id=TECH97986

So please you can raised Support Ticket.

http://www.symantec.com/support/assistane_care.jsp

Thanks In Advance

Ashish Sharma

 

 

Rafeeq's picture

how did you install SEP? using GPO or using Migration and deployment wizard?

 

Mithun Sanghavi's picture

Hello,

Could you let us know what do you mean when you say,"the windows firewall became enabled (is turned off by default)"?

Does that mean the windows firewall was disabled via GPO?

When Install SEP 12.1 with NTP (Firewall) it would disable the Windows Firewall and when you uninstall NTP, the windows firewall gets enabled. However, incase if the Windows Firewall is disabled via GPO then in that case I believe the Windows Firewall would not be enabled.

If Windows Firewall is not disabled via GPO, i would request you to perform this activity.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

yuri_c's picture

Yes disabled via GPO. So it became enabled when upgrading despite GPO. Althoug GPO should put it back when doing gpudate /force

Chetan Savade's picture

Hi,

Check following article

The Windows Firewall is enabled after migrating to SEP 12.1 using the 'Upgrade Clients with Package' feature and deploying the 'Basic Protection for Servers' install package.

http://www.symantec.com/docs/TECH171051

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

yuri_c's picture

At least 3. Been inconsistent. Happened on these 3, while others were fine.

Ashish-Sharma's picture

Hi,

Are reboot Server after Install SEP client ?

What happend when you run gpupdate/force ?

Thanks In Advance

Ashish Sharma

 

 

pete_4u2002's picture

by any chance was NTP installed earlier? thinking of if the firewall drivers could still be present

Ashish-Sharma's picture

Hi,

I think you can set SSCM patch reboot System after installed.

I am not sure but when we will be install Symantec Antivirus on server network connectivity will be lost some time that time System may be not received any GPO and system reboot after install AV.

Windows Firewall GPO will be applying on system base. When you will be run gpupdate/force policy will be applied forcefully.

If i am wrong please update me.

Thanks In Advance

Ashish Sharma

 

 

_Brian's picture

Were you upgrading different versions of 11.x?

Was the windows firewall service disabled or just stopped?

yuri_c's picture

Now that I've had more time to troubleshoot, here is scenario:

Server1 - 2008 OS - FW service enabled - FW profile disabled - SEP 11.0.6300. Once upgrade to SEP 12.1 RU1, FW profile became enabled blocking traffic. Turning off profile fixed issue

Server2 - 2008 OS - FW service enabled - FW profile disabled. SEP 11.0.6200. Once upgraded to SEP 12.1 RU1, FW profile became enabled blocking traffic. Turning off profile fixed issue.

Server3 - 2008 OS - FW service enabled - FW profile disabled. SEP 11.0.4000. Once upgraded to SEP 12.1 RU1, no issues occurred.

So upgrade to 12.1 RU1 enabled fw profiles causing traffic to be blocked on two machines.

Only AV component installed. Never had NTP on these machines.

_Brian's picture

Perhaps it has to do with upgrading from a newer version of 11.x. Or possibly a bug.

Did you open a support case?

SOLUTION
Mithun Sanghavi's picture

Hello,

Since Windows Firewall is disabled via GPO. GPO should put it back when doing gpudate /force. If this is not happening, that clearly indicates that the GPO policy are not reflecting to the Client machine properly. Could you login as an "Domain administrator" and check the GPO policies. I don't think this is causing due to Symantec.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

22Aug's picture

Hi,

Are you using locations for the groups client reporting to?

 

Rafeeq's picture

I wil be quite sure that if you try a test install using migration and deployment wizard this issue does not occurs.

 

check the setad.ini file as per this document. If you are advertisiing your sccm, make sure that you have corrected this setting.

 

http://www.symantec.com/business/support/index?page=content&id=TECH102668&locale=en_US

yuri_c's picture

Not using SCCM for SEP deployment on servers. Running exe locally on client to upgrade.