Differentiate between different SEP Client FW States

Created: 19 Dec 2012 | 1 comment
SMLatCST's picture

Ideally we want the SEPM to be able to differentiate between a client's SEP firewall being disabled by the FW policy being withdrawn (SEP Administrator does not want the client FW to be on), and the FW being disabled by the end user (SEP Admin wants the FW to be on, but end user has disabled it and has been given the power to do so).

This will allow more accurate reporting, and provide SEP Admins with a better idea of the security of their managed endpoints (especially if multiple network zones exist with different FW requirements).

Currently in RU2, a client will report its FW is disabled (and contribute towards the thresholds in the Security Status on the SEPM) even if the FW is meant to be disabled in its current location.

Historically, prior to 12.1RU2, the FW component is reported as enabled even if the FW policy has been withdrawn and it is not doing anything, as per:

http://www.symantec.com/docs/TECH162868

Finally, the description within the Security Status needs to be updated to correctly reflect that the Firewall is not necessarily NTP. NTP should only really say it is disabled if both the FW and IPS components are disabled.

1 Comment

I am waiting for your Idea to be covered.

Regards

Ajit Jha

Technical Consultant

ASC & STS
