Endpoint Protection

  • 1.  Block all inbound traffic with SEP Firewall

    Posted Oct 25, 2016 07:58 PM

    I've been tasked with evaluating the SEP firewall to replace the Windows Firewall configuration in our environment. I'm attempting to create a firewall rule that will be used when computers are off site. The rule simply needs to block all inbound traffic from other hosts, while allowing any outbound traffic from the computer (essentially mirroring the default Windows firewall behavior).

    I don't see any indication SEP has configuration options based on inbound/outbound traffic direction, so what would be the best way to achieve this?



  • 2.  RE: Block all inbound traffic with SEP Firewall

    Posted Oct 25, 2016 08:09 PM

    You'd create two rules: one to allow whatever type of traffic you want and move it to the top. The second rule would block everything else and be moved under the first rule.

    https://www.symantec.com/connect/articles/sep-121-firewall-how-block-rdp-while-allowing-only-specific-connections

    https://www.symantec.com/connect/articles/controlling-network-traffic-special-purpose-machine-using-sep-firewall



  • 3.  RE: Block all inbound traffic with SEP Firewall

    Posted Oct 25, 2016 10:38 PM

    Can you please go into a bit more detail about how the two rules would be configured? What I'm not seeing is how to specify the rule that only allows outbound traffic.

    For instance, I currently have something like this:

    [Screenshot: 2016-10-25 19_35_06-Firewall Policy.png]

    What I find is that everything hits the first rule and is allowed, whether outbound or inbound. So what am I missing here as far as specifying direction?

     



  • 4.  RE: Block all inbound traffic with SEP Firewall

    Posted Oct 27, 2016 05:48 PM

    Bump for specific advice on how to accomplish this...