Video Screencast Help

Where do I find the Rule for "Allow VPN"

Created: 19 Oct 2012 • Updated: 30 Oct 2012 | 11 comments
This issue has been solved. See solution.

I am running SEP 12.1 on my work desktop and I have noticed in the Network Threat Protection Traffic Log that an incoming UDP is being allowed due to a rule called “Allow VPN”.  I would like to block this connection but I haven’t found the rule.

Here is a copy of the log entries.

10/19/2012 6:23:45 AM  Allowed               5              Incoming             UDP       131.215.199.209                7C-6B-33-00-02-C6                62521    224.0.0.1              01-00-5E-00-00-01            8612                       Tim         D2N44JC1            Default 1              10/19/2012 6:22:43 AM         10/19/2012 6:22:43 AM  Allow VPN          

10/18/2012 1:33:41 PM  Allowed               5              Incoming             UDP       DHCP-199-209.caltech.edu [131.215.199.209]      7C-6B-33-00-02-C6 62516    224.0.0.1              01-00-5E-00-00-01            8612                       Tim         D2N44JC1            Default 1                10/18/2012 1:32:40 PM  10/18/2012 1:32:40 PM  Allow VPN          

10/18/2012 12:48:52 PM                Allowed               5              Incoming             UDP       131.215.199.152                5C-26-0A-1E-89-9B                1701       255.255.255.255                FF-FF-FF-FF-FF-FF            8612                       Tim         D2N44JC1            Default 2                10/18/2012 12:47:51 PM                10/18/2012 12:47:51 PM                Allow VPN

Comments 11 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

Check this

Default Network Threat Protection Rules for Symantec Endpoint Protection

http://www.symantec.com/business/support/index?page=content&id=TECH91729

Check this thread

Firewall Policy for VPN users

http://www.symantec.com/connect/forums/firewall-policy-vpn-users

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

 

Hello,

For Remote location where users log on through a VPN - The following settings are recommended as best practice for the Firewall policy:

  • Leave as-is all the rules that block traffic on all adapters. Do not change those rules.

  • Leave as-is the rule that allows VPN traffic on all adapters. Do not change that rule.

  • For all rules that use the action Allow, change the Adapter column from All Adapters to the name of the VPN adapter that you use.

  • Enable the rule that blocks all other traffic.

Note: You need to make all of these changes if you want to avoid the possibility of split tunneling through the VPN.

Reference: 

Best practices for Firewall policy settings http://www.symantec.com/docs/HOWTO55279

Also, check : 

About firewall rules

Creating a firewall policy

Automatically allowing communications for essential network services

Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ashish-Sharma's picture

HI,

Did you received your answer ?

Thanks In Advance

Ashish Sharma

 

 

Tim91125's picture

Thank You All!!

 

I have been able to block the incoming UDP by de-selecting all the Allow ??? and selecting all the Block ??? in the “Configure Firewall Rules” but I haven’t found the Rule “Allow VPN”.

Ashish-Sharma's picture

HI,

Check this

SEPM console -> Policy -> Firewall

Thanks In Advance

Ashish Sharma

 

 

Tim91125's picture

Thanks Ashish,

I have seen that screen in other posts but I don't get that in my version on SEP.

Here is the Configure Firewall Rules screen I get.

 

Ashish-Sharma's picture

HI,

You can provide Screen shot ON sep client side.

Are you using Unmanaged client or Managed client ?

If you are using managed client check on SEPM Console.

Thanks In Advance

Ashish Sharma

 

 

Ashish-Sharma's picture

Hi,

If you are using unmanaged Client

VPN didn't work after installing unmanaged SEP

http://www.symantec.com/business/support/index?page=content&id=TECH165790

Thanks In Advance

Ashish Sharma

 

 

SOLUTION
Ashish-Sharma's picture

ok check my last commets and create new rule

VPN didn't work after installing unmanaged SEP

http://www.symantec.com/business/support/index?page=content&id=TECH165790

Thanks In Advance

Ashish Sharma

 

 

Ashish-Sharma's picture

ok check my last commets and create new rule

Thanks In Advance

Ashish Sharma