Endpoint Protection

 View Only

  • 1.  SEPv11 Firewall - Implicit Deny/Block at the end of the Firewall Rules?

    Posted May 27, 2010 10:14 AM
    Does the SEP firewall operate like other firewalls in the sense that an implicit deny/block all is automatically added to the end of the firewall ACL's?


  • 2.  RE: SEPv11 Firewall - Implicit Deny/Block at the end of the Firewall Rules?

    Posted May 27, 2010 10:32 AM
    No it does not have that feature as of now :(
    please add it under ideas section


  • 3.  RE: SEPv11 Firewall - Implicit Deny/Block at the end of the Firewall Rules?

    Posted May 27, 2010 10:46 AM
    Rafeeq, please explain where you got this answer. An Internal KB doc is fine.

    Please see KB 2007110713274948 (Internal)


  • 4.  RE: SEPv11 Firewall - Implicit Deny/Block at the end of the Firewall Rules?

    Posted May 27, 2010 11:13 AM
    Hello Ryan,

    Unfortunately I dont have access to Internal Documents of Symantec :) , I said what i have seen so far in this forum and external symantec documents.
    If you have any public document which says the above then sure that I learned somthing today :
    Please confirm if SEP fw rules are added to ACL's automatically after a deny or allow..
    Thanks


  • 5.  RE: SEPv11 Firewall - Implicit Deny/Block at the end of the Firewall Rules?

    Posted May 27, 2010 01:13 PM
    To the best of my knowledge the answer is YES.
    If a packet is not specifically allowed in the Firewall Policy, it will not be allowed. Firewalls follow the 'dangerous unless proven safe' policy.
    I know there is a 'block all' rule in the SEPM firewall policy, but I believe it is only there for clarity.

    In either case, this should be easy to test.
    Just make a firewall rule that say, "Allow port 80". If you are unable to ping the computer, you know everything else is being blocked.