
What's everyone using SEP fw for?

Created: 02 Jan 2013 | 4 comments

I'm curious if anyone can share what they're using the SEP firewall for? The default rules are pretty basic and relaxed in 12.1. In testing, I've added a "Deny_all" rule as the last rule and a lot is blocked and my machine is basically unable to function on a domain network.

Was wondering if anyone can share some thoughts or ideas on using the fw to lock down an environment yet still be able to function properly.

Thanks for reading. Any feedback is greatly appreciated.


Brɨan

I have a client who only allows 80 and 443 when their PCs leave the internal network. Everything else is denied.


Mithun Sanghavi


By default, there is no rule to block communication in the SEPM firewall.

Here are the articles which explain more about the default firewall rules in SEP 12.1:

About firewall rules

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

Hope that helps!!

Mithun Sanghavi
Associate Security Architect



Olivier_C

I actually have a test about locking down the network of laptops when these laptops are out of my network.

If the SEP client can connect to SEPM AND if it can resolve a DNS entry specially created in my network, the firewall rule allows all legitimate traffic (the default firewall rule with some custom entries).

If the SEP client cannot connect to SEPM AND if the DNS resolution is negative, the client chooses the external place, and another firewall rule is applied. This rule allows only DNS, my VPN application, LiveUpdate, SEP communication port ... . This rule lets the laptop connect to my private network only, and blocks any other connection (Internet, for example) until the place tests become compliant again and the firewall rule lets traffic come through again via the VPN connection.
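The two-location setup described in the last comment, modelled as an added example that is not part of any post in this thread and is not SEP's own policy format: location is chosen from the two tests, then rules are evaluated first-match with a final deny-all. The rule names, application names and the SEPM port value are assumptions made for illustration.

```python
# Added illustration: first-match model of an internal/external location policy.
# Not SEP's policy format; rule names, app names and ports are constructed.
from dataclasses import dataclass
from typing import Optional

SEPM_PORT = 8014  # assumption: replace with the port your SEPM listens on

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "block"
    proto: Optional[str] = None   # None means "match any value"
    port: Optional[int] = None
    app: Optional[str] = None

    def matches(self, flow: dict) -> bool:
        wanted = (("proto", self.proto), ("port", self.port), ("app", self.app))
        return all(want is None or flow.get(key) == want for key, want in wanted)

def choose_location(sepm_reachable: bool, internal_dns_resolves: bool) -> str:
    # Both tests must pass for "internal"; any other outcome fails closed.
    return "internal" if sepm_reachable and internal_dns_resolves else "external"

POLICY = {
    # Simplification: stands in for the default rules plus custom entries.
    "internal": [Rule("allow-legitimate", "allow")],
    "external": [
        # DNS and SEPM traffic stay open so the location tests can pass
        # again once the VPN tunnel is up.
        Rule("dns", "allow", proto="udp", port=53),
        Rule("vpn-client", "allow", app="vpn-client"),   # hypothetical app name
        Rule("liveupdate", "allow", app="liveupdate"),   # hypothetical app name
        Rule("sepm-comms", "allow", proto="tcp", port=SEPM_PORT),
        Rule("deny-all", "block"),                       # last rule catches the rest
    ],
}

def evaluate(location: str, flow: dict) -> tuple:
    for rule in POLICY[location]:
        if rule.matches(flow):
            return rule.action, rule.name
    return "block", "implicit-default"

if __name__ == "__main__":
    where = choose_location(sepm_reachable=False, internal_dns_resolves=False)
    for flow in ({"proto": "tcp", "port": 443, "app": "browser"},   # constructed
                 {"proto": "udp", "port": 53, "app": "svchost"},
                 {"proto": "udp", "port": 4500, "app": "vpn-client"}):
        print(where, flow, evaluate(where, flow))
```

Running a list of flows your domain machines actually need through a model like this before deploying a deny-all rule shows which allow rules are still missing.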