Endpoint Protection Small Business Edition

 View Only

  • 1.  Symantec client blcoking our proxy server 192.168.XX.XXX

    Posted Dec 11, 2013 02:26 AM

    Hi team, 

     

    We have setup proxy in our organisation, we have deployed proxy settings in test environment with unmanaged SEP clients to test operations of ironport proxy and we are planning to deploy proxy settings to our organisation in which we have managed SEP clients in next phase 

     

    Problem we have here is symantec client is blocking traffic from proxy in test environment.

    We are getting a popup from client saying " The client will traffic from IP address 192.168.XX.XXX for the next 600 seconds from date and time to date and time"

    Unmanaged client is blocking our proxy server, i have added exception in webdomains in security risk exception but it didnt work. I coud access proxy only after stopping SEP client. 

    Pls help me in creating exception to the proxy server IP in both un-managed client and in SEP server for managed clients

     

    Regards,

    Anoop Jeevan.



  • 2.  RE: Symantec client blcoking our proxy server 192.168.XX.XXX

    Broadcom Employee
    Posted Dec 11, 2013 02:39 AM

    can you post the picture?

    check this link

    How to use Symantec Endpoint Protection Manager to add an exception for Intrusion Prevention Policy

     

    Article:TECH97176  |  Created: 2009-01-02  |  Updated: 2013-09-03  |  Article URL http://www.symantec.com/docs/TECH97176

     



  • 3.  RE: Symantec client blcoking our proxy server 192.168.XX.XXX

    Posted Dec 11, 2013 02:55 AM
      |   view attached

    @pete,

     

    I have attached pic, thank you for sharing how to create exception from server. Could you please help me on how to do it from unmanaged client too?

    Regards

    Anoop Jeevan



  • 4.  RE: Symantec client blcoking our proxy server 192.168.XX.XXX

    Broadcom Employee
    Posted Dec 11, 2013 03:10 AM

    open client gui --> click on change settings ---> configure settings of 'Network threat protection'---> under Firewall tab ---> Active response settings ( disable it).

    however understand there will be risk , if you dont block.



  • 5.  RE: Symantec client blcoking our proxy server 192.168.XX.XXX

    Posted Dec 11, 2013 03:15 AM

    You can try this if help

     it is a Unmanaged clients then
    Open SEP-GUI
    Network Threat Potection -Options- Change Settings - Intrusion Prevention -( Uncheck ) Enable Port scan detection .

    or
    Open SEP-GUI
    Network Threat Potection -Options -Configure Firewall Rules
    Add rule Allow all -Under Network add IP address from 192.18.0.1 to 192.168.255.254



  • 6.  RE: Symantec client blcoking our proxy server 192.168.XX.XXX

    Posted Dec 11, 2013 05:30 AM

    Anoop,

    Set the proxy server as an excluded host in the IPS policy. Follow the steps here on how to do so:

    Setting up a list of excluded computers

    Article:HOWTO81159  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL http://www.symantec.com/docs/HOWTO81159

     



  • 7.  RE: Symantec client blcoking our proxy server 192.168.XX.XXX

    Trusted Advisor
    Posted Dec 12, 2013 07:00 AM

    Hello,

    It means, IPS had blocked the traffic from that ip address 192.168.XX.XXX, for  600 seconds. Active  response is a feature in IPS, that is used to block the traffic from a particular IP address, if the traffic is suspicious. For more details, you should  investigate, which IP address is shown in this log. And then Scan that machine with the IP address, from SEP.

    Since your proxy is the source IP, this is expected behaviour. SEP is not proxy aware. To stop this, in SEPM go to your Firewall policy and go to the Protection and Stealth tab and uncheck this option:

    1_239.JPG

    Secondly, check this Article:

    Blocking an attacking computer

    http://www.symantec.com/docs/HOWTO27085

    Hope that helps!!