Symantec EndPoint Protection on Domain Controller
I have Symantec EndPoint protection on my PDC. This PDC is also my DNS server. The trouble I'm having is that VPN connected clients are getting some blocked IP traffic, and I've narrowed it down to SEP's Network Threat Protection. When I disable the NTP, the VPN clients are no longer blocked. I figured that I would configure the NTP to allow the traffic as opposed to totally disabling NTP.
I figured to start with the least amount of rules, then add what I can. On the SEP Manager, I disabled the Firewall Policy for the group that the PDC is in. I also edited the client options for NTP: on the Firewall tab I only have the first three options checked (Enable Smart DHCP, DNS, and WINS). On the Intrusion Prevention tab, nothing is checked. At this point, the traffic is still blocked - I looked at the logs:
Application C:\WIndows\system32\drivers\ipnat.sys is being blocked by rule GUI%GUICONFIG#SRULE@NBBLOCK#BLOCK-TCP
I see nowhere to configure this 'rule'.