Dear Forum,

I installed SEPM 12.1 and created client packages with default setting. I changed nothing in default settings except I prevented users from changing Settings on clients, set a Client Password and disabled "Disable Firewall" on Client Computers. I didn't change anything regarding firewall setting, didn't disable Windows 7 firewall on clients.

Now I recognized that Firewallrules I set with SEPM where not applied to client computers. After some hours of working I discovered that the Windows 7 Firewall is still active. As I modified the Windows 7 Firewall connecting to the Client was possible.

On Windows XP I had no problems - just modified a SEPM Firewall Rule and Connecting to the client was possible.

Why is Windows 7 Firewall still active although I Installed SEPM?

thanks and kind regards

terra

What's the exact client verson?

So you want the windows firewall disabled?

Which Version - I think it is 12.1.2015.2015.

I thought if I install SEP then Windows Firewall will be disabled automatically. When I open Firewall.cpl/mmc->Firewallsnapin than there apears a message that SEP takes control over firewallsetting...

I believe this was a bug in this version, can you upgrade to 12.1.4?

So, whats the bug here exactly - which firewall works? Do they both work?

Does this describe it?

Installing any Symantec Endpoint Protection package without the firewall disables Windows Firewall
Fix ID: 3063585
Symptom:  After installing Symantec Endpoint Protection with a configuration that installs only Virus and Spyware or Proactive Threat Protection, the application still disables the Windows Firewall.
Solution: Updated the installer conditions to properly recognize previously stored Windows Firewall states and the install or removal of Symantec Endpoint Protection firewall components.

As I said, I installed the default package. I don't know if there is the firewallcomponent included. But the Windows 7 firewall is still active...

As I said, I installed the default package. I don't know if there is the firewallcomponent included. But the Windows 7 firewall is still active...

You need to check that. You can either do it from the SEPM by going to the Clients page and and checking from here or go to the client and go to add/remove programs and check to see if the firewall component is installed. Usually, if you only installed AV, the windows firewall should remain active. If you installed NTP than the windows fw will be disabled.

Where can I verify exactly wheater firewall feature is installed in SEPM?

Login and go to the Clients page.

Set the View to Protection Technology for that group the client is in

There is a tab for Firewall Status, it will either say Enabled or Disabled

You can check for all your clients here

Could it be that SEP Firewall is enabled AND Windows 7 Firewall is enabled too?

It's possible which is why I was curious as to whether or not the SEP fw was even installed. If it is, check the firewall policy >> Windows Integration tab, this is where you can control windows fw settings and how SEP handles them.

See both articles and blog

https://www-secure.symantec.com/connect/blogs/how-enable-windows-firewall-setting-windows-7-machine-sepm-1212

Using (Enabling) Windows Firewall with Symantec Endpoint Protection Network Threat Protection installed

Hallo again,

SEPM says that Firewall is enabled. But as I said: I modyfied Windows FW and then I could connect...

regards

terra

SEPM says "Disable Windows Firewall" - "disable once only"

Set it to "Disable Always"

disable only once will disable fw during the sep install, after system is rebooted the firewall will be enabled.

set the option to never it will not disable the windows firewall.

always wil disable it everytime