
SEP Firewall needs a way to block EAPOL traffic

Created: 05 Aug 2013 | 2 comments
pbuchert

Currently there are hidden rules in Endpoint Protection (Windows 7, v12.x) which, for example, allow EAPOL traffic from the SEP client through to a NIC.

It should be possible to block all this traffic as well, perhaps with a checkmark in the built-in rules for ALL the different types of traffic which can't be blocked with user rules. (I don't even know what else is allowed or will be allowed in future versions.)

It is very bad policy that the firewall allows any traffic through without me knowing and being able to do something about it, no matter how "dangerous" blocking it might be.

In this case it results in unwanted functionality on the laptop. Even though I block all traffic to all interfaces, this will go through, thus enabling the laptop to authenticate to Wi-Fi. (Granted, it will block the rest of the traffic, but it still authenticates, and if it has a fixed IP it will stay authenticated to that network.)

2 Comments

.Brian

The SEP 12.1 firewall has a rule "Allow wireless EAPOL" in its default policy.

Why don't you change it to "Block"?

pbuchert

Well, the problem is obviously that a block rule does NOT block it... tried and checked with support.
