Endpoint Protection

  • 1.  Trouble with VPN users and Symantec firewall

    Posted Jun 05, 2012 02:41 PM

    I just set up two new servers and I am having issues with VPN users syncing their remote ACT databases to the second server. They can VPN into the network and access the first server just fine, but when they go to sync their ACT database their access is blocked from the Symantec firewall. I added the port exceptions suggested by ACT but still cannot get the remote users' sync to work (they are still being blocked). Does anyone know why this is occurring?



  • 2.  RE: Trouble with VPN users and Symantec firewall

    Posted Jun 05, 2012 02:59 PM

    Without knowing the rules you set up, it is hard to give a proper diagnosis.

    I'll take a stab at it though.

    * * * * * * *

    Now, you can synch to the first server, but not the second. 

    Can you ping the server from the client?   By name? IP?

    Is the second server on the same network? 

    Do you have a routing table established to allow traffic to flow to the second server?

    Firewall rules in place to allow the flow of traffic from the client to the second server?

    -- Adjustments to ensure traffic flow from the Virtual IP of the tunnel to the second server?

    Any firewall logs indicating why the traffic is being blocked?

     



  • 3.  RE: Trouble with VPN users and Symantec firewall

    Posted Jun 05, 2012 03:24 PM

    Yes, I can ping the server by both IP and name from the client's computer. The second server is on the same network as the first. All of the rules that are in the firewall are the default ones that came when I set up Symantec Endpoint Protection Version 12. I added 3 rules to allow the ports that ACT recommended, but the log is stating that one of the default rules is blocking the traffic from these VPN users.



  • 4.  RE: Trouble with VPN users and Symantec firewall

    Posted Jun 05, 2012 04:19 PM

    Can you post the log message, please?

    It might hold some more information about what rule is blocking traffic.

    And the port numbers you needed to open please.



  • 5.  RE: Trouble with VPN users and Symantec firewall

    Posted Jun 05, 2012 04:39 PM

    I have attached the log file.

     

    The ports that ACT said need to be opened are:

    Protocol  Port Number
    TCP       1433 (Default SQL Server Port)
    UDP       1434 (Default SQL Server Port)
    TCP       65100 (Default Port if using ACT! Network Synchronization)

     

     




  • 6.  RE: Trouble with VPN users and Symantec firewall

    Posted Jun 05, 2012 05:00 PM

    You have, I think, 2 rules blocking traffic.

    Rule 10 and Rule 15. 

    Looks like you left some of the default block IPv6 traffic rules in place.

    Do you have different firewall policies for the different servers?

    Blocked 15 Incoming UDP FE80:0:0:0:65F3:7AA7:6556:7DBB D4-BE-D9-28-5D-D3 (mac address of the server blocking traffic?)

    Then your rules are defaulting to "Block all incoming traffic" thinking it is under attack.  IPv6 tries for 1 second before defaulting to IPv4.  By that time it is too late and the IPv4 traffic is already blocked by the "block all traffic rule".

    * * * * * *

    I have to run, but I will look over the logs more in depth in about an hour. 

    Hope the above helps.
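
Added example (not part of any poster's reply and not Symantec tooling): one way to triage an exported traffic log is to tally blocked entries per rule number, protocol and address family, which shows whether a rule such as 15 is dropping link-local IPv6 traffic or the VPN clients' IPv4 traffic. It assumes every line has the same field order as the single line quoted in post 6; the sample lines and the names `summarize_blocks` and `classify` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Field order assumed from the single line quoted in the thread:
# action, rule number, direction, protocol, remote address, remote MAC.
LINE_RE = re.compile(
    r"^(?P<action>Blocked|Allowed)\s+(?P<rule>\d+)\s+(?P<direction>Incoming|Outgoing)\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<addr>\S+)\s+(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s*$"
)

# Constructed sample lines (not taken from the attached log).
SAMPLE_LOG = """\
Blocked 15 Incoming UDP FE80:0:0:0:0:0:0:1 00-00-5E-00-53-01
Blocked 15 Incoming UDP FE80:0:0:0:0:0:0:2 00-00-5E-00-53-02
Blocked 10 Incoming TCP 10.8.0.25 00-00-5E-00-53-03
Allowed 3 Incoming TCP 192.168.1.20 00-00-5E-00-53-04
this line is malformed and is skipped
"""

def classify(addr):
    """Label an address by family and scope; raises ValueError if unparsable."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        return "ipv6-link-local" if ip.is_link_local else "ipv6"
    return "ipv4-private" if ip.is_private else "ipv4"

def summarize_blocks(text):
    """Return ({rule: {(proto, address kind): count}}, number of unparsed lines)."""
    summary = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        if m["action"] != "Blocked":
            continue  # only blocked entries matter for this triage
        try:
            kind = classify(m["addr"])
        except ValueError:
            skipped += 1
            continue
        summary[int(m["rule"])][(m["proto"], kind)] += 1
    return {rule: dict(counts) for rule, counts in summary.items()}, skipped

if __name__ == "__main__":
    per_rule, skipped = summarize_blocks(SAMPLE_LOG)
    for rule in sorted(per_rule):
        print(f"rule {rule}: {per_rule[rule]}")
    print(f"unparsed lines: {skipped}")
```

A rule whose blocked entries are all `ipv6-link-local` is not the one dropping the VPN users' IPv4 sync traffic, so the rule to examine next is whichever one shows hits from the VPN address range.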