Where do I find the Rule for "Allow VPN"

Created: 19 Oct 2012 | Updated: 30 Oct 2012 | 11 comments

Tim91125

This issue has been solved. See solution.

I am running SEP 12.1 on my work desktop and I have noticed in the Network Threat Protection Traffic Log that an incoming UDP is being allowed due to a rule called “Allow VPN”. I would like to block this connection but I haven’t found the rule.

Here is a copy of the log entries.

10/19/2012 6:23:45 AM Allowed 5 Incoming UDP 131.215.199.209 7C-6B-33-00-02-C6 62521 224.0.0.1 01-00-5E-00-00-01 8612 Tim D2N44JC1 Default 1 10/19/2012 6:22:43 AM 10/19/2012 6:22:43 AM Allow VPN

10/18/2012 1:33:41 PM Allowed 5 Incoming UDP DHCP-199-209.caltech.edu [131.215.199.209] 7C-6B-33-00-02-C6 62516 224.0.0.1 01-00-5E-00-00-01 8612 Tim D2N44JC1 Default 1 10/18/2012 1:32:40 PM 10/18/2012 1:32:40 PM Allow VPN

10/18/2012 12:48:52 PM Allowed 5 Incoming UDP 131.215.199.152 5C-26-0A-1E-89-9B 1701 255.255.255.255 FF-FF-FF-FF-FF-FF 8612 Tim D2N44JC1 Default 2 10/18/2012 12:47:51 PM 10/18/2012 12:47:51 PM Allow VPN

Discussion Filed Under:

Security, Endpoint Protection Small Business Edition 12.x - 12.1, Endpoint Protection Small Business Edition 12.x, Rules, Tip/How to, Troubleshooting

Comments RSS Feed

Comments 11 Comments • Jump to latest comment

Ashish-Sharma

Where do I find the Rule for "Allow VPN" - Comment:19 Oct 2012 : Link

HI,

Check this

Default Network Threat Protection Rules for Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH91729

Check this thread

Firewall Policy for VPN users

http://www.symantec.com/connect/forums/firewall-policy-vpn-users

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents

Mithun Sanghavi Symantec Employee Technical Support Accredited

Where do I find the Rule for "Allow VPN" - Comment:19 Oct 2012 : Link

Hello,

For Remote location where users log on through a VPN - The following settings are recommended as best practice for the Firewall policy:

Leave as-is all the rules that block traffic on all adapters. Do not change those rules.
Leave as-is the rule that allows VPN traffic on all adapters. Do not change that rule.
For all rules that use the action Allow, change the Adapter column from All Adapters to the name of the VPN adapter that you use.
Enable the rule that blocks all other traffic.

Note: You need to make all of these changes if you want to avoid the possibility of split tunneling through the VPN.

Reference:

Best practices for Firewall policy settings http://www.symantec.com/docs/HOWTO55279

Also, check :

About firewall rules

Creating a firewall policy

Automatically allowing communications for essential network services

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

Ashish-Sharma

Where do I find the Rule for "Allow VPN" - Comment:22 Oct 2012 : Link

HI,

Did you received your answer ?

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents

Tim91125

Where do I find the Rule for "Allow VPN" - Comment:24 Oct 2012 : Link

Thank You All!!

I have been able to block the incoming UDP by de-selecting all the Allow ??? and selecting all the Block ??? in the “Configure Firewall Rules” but I haven’t found the Rule “Allow VPN”.