Endpoint Protection

 View Only

  • 1.  Endpoint Protection 12 blocks VoIP traffic to asterisk VM

    Posted Jul 24, 2012 10:58 AM

    A little background. I have asterisk running on CentOS in VMWare Workstation on my Windows 7 workstation with Endpoint Protection 12. When reimaging my machine and installing the new version of Endpoint, the network thread protection seems to constantly want to intervene when my Cisco IP phone starts to make it's connection to the IP assigned to the VMWare VM. Since the adapter is setup as bridged, and has it's own individual IP aside from the one assigned to my workstation, I thought creating an exception rule would alleviate this problem. However, it hasn't. I believe the error that it produces is that it's detecting a port scan.

    I want to prevent this from happening, but not hinder the functionality of Endpoint by completely turning off the network intrusion prevention component of it, etc. Has anyone else had this issue pop up with VM's? Trying to figure out what a good course of action is to properly prevent this false positive from occurring.



  • 2.  RE: Endpoint Protection 12 blocks VoIP traffic to asterisk VM

    Trusted Advisor
    Posted Jul 24, 2012 11:32 AM

    Hello,

    Check this Article: Cisco IP Phone version 7970 and Cisco Unified Video Advantage is Blocked by Network Threat Protection (NTP) http://www.symantec.com/docs/TECH105234

    Also, try these steps below:

    1) Open SEPM console
    2) Select Policies tab
    3) Choose Firewall
    4) Right click on the appropriate firewall policy and select Edit
    5) Select Rules from the right hand side
    6) Find the rule that you are using to allow the MAC traffic. Under the column "Service", this rule should currently list Any.
    7) Right click the rule under the column "Service" and click Edit.
    8) Click the Add... button
    9) For the Protocol field, select Ethernet
    10) In the field Protocol Type, enter the following text:
    0x2000
    11) For the field Protocol Direction, select Both.
    12) Click OK buttons until the policy is applied.
    13) Verify that the rule still works and allows the correct traffic through once policy has applied to client.

    Hope that helps!!



  • 3.  RE: Endpoint Protection 12 blocks VoIP traffic to asterisk VM

    Posted Jul 24, 2012 12:38 PM

     

    Try excluding below in Firewall for SEP client .

     



  • 4.  RE: Endpoint Protection 12 blocks VoIP traffic to asterisk VM

    Posted Jul 24, 2012 11:07 PM

    Hi Mithun,

    Thanks, but I don't have a "Policies" tab (this is an unmanaged client). Should I go with Network Threat Protection > Configure Firewall Rules?

     



  • 5.  RE: Endpoint Protection 12 blocks VoIP traffic to asterisk VM

    Trusted Advisor
    Posted Jul 25, 2012 07:15 AM

    Hello,

    Yes, since this is an Managed Client. Please follow the steps by creating the rule from - Network Threat Protection > Configure Firewall Rules

    Hope that helps!!