Endpoint Protection

  • 1.  Firewall off when on LAN?

    Posted Aug 16, 2018 12:48 AM
    Hi guys, What is the argument for leaving on the SEP firewall when you are on your corporate LAN and behind the corporate firewall? The argument to disable the firewall would be to reduce complexity and any potential issues with some applications, but why would this be a bad idea? Location awareness is in use when off LAN (i.e. can't connect to management server) to then enable the firewall, so remote users are still protected. Cheers, Sam


  • 2.  RE: Firewall off when on LAN?

    Trusted Advisor
    Posted Aug 16, 2018 03:03 AM

    Turning off the firewall is by personal choice but you are also decreasing that extra layer of safety in the product. Plus there are some other elements of SEP that require the firewall to be active to work. 

    https://support.symantec.com/en_US/article.HOWTO80961.html



  • 3.  RE: Firewall off when on LAN?

    Posted Aug 16, 2018 06:56 AM
    • Segmentation/zero-trust model - disallowing user access to server VLANs except for what they need, such as an internal web app
    • Blocking network access for specific apps
    • Blocking access to known malware domains/IPs
    • Can assist in Incident Response situations
      • https://www.symantec.com/connect/articles/how-utilize-sep-121-incident-response-part-5
      • https://www.symantec.com/connect/articles/sep-firewall-did-you-know-how-monitor-web-traffic
      • https://www.symantec.com/connect/articles/controlling-network-traffic-special-purpose-machine-using-sep-firewall

    It has many uses internally but it comes down to your goals and objectives. If none of the above apply or you don't have the time/resources, then it may not be a fruitful effort to leave it enabled. As already mentioned, you do remove an important security layer.



  • 4.  RE: Firewall off when on LAN?

    Posted Aug 16, 2018 05:03 PM
    Thanks for the reply guys. Is there a way to test / demonstrate the firewall in action? Similar to downloading the EICAR or SOCAR test files?


  • 6.  RE: Firewall off when on LAN?

    Posted Aug 16, 2018 05:07 PM
    • Create rule(s) to block port scans and run one.
    • Create a rule to block access to websites. 
    • Create a rule to block applications from accessing the Internet (i.e. block browsing from IE)
    • Create a rule to block access from one client machine to another.
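    Added example, not part of the original thread and not Symantec code: one way to confirm from a test client that the block rules suggested above behave as intended is to attempt TCP connections and compare the outcome with what each rule should do. The function names `probe` and `check_rules` are hypothetical, and the listener in the demo is constructed on loopback so the script runs offline; replace the expectations with hosts and ports on your own network.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt from this client."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: traffic is allowed
    except ConnectionRefusedError:
        return "refused"         # peer sent a reset: nothing listening, or a rejecting rule
    except OSError:
        return "filtered"        # timeout or unreachable: typical of a silent drop

def check_rules(expectations, timeout=2.0):
    """expectations: list of (host, port, 'allow' | 'block').

    Returns (host, port, expected, observed, ok) per entry. A 'block' rule
    passes when the connection does not complete; 'allow' passes only when
    it does.
    """
    results = []
    for host, port, expected in expectations:
        observed = probe(host, port, timeout)
        ok = (observed == "open") if expected == "allow" else (observed != "open")
        results.append((host, port, expected, observed, ok))
    return results

if __name__ == "__main__":
    # Constructed demo: a local listener stands in for an allowed service;
    # closing it stands in for traffic that no longer gets through.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    print(check_rules([("127.0.0.1", port, "allow")]))
    srv.close()
    print(check_rules([("127.0.0.1", port, "block")]))
```

    Run it once with the firewall rule disabled and once with it enabled: an entry that changes from "open" to "refused" or "filtered" shows the rule taking effect, and the client-side firewall log should show the matching blocked attempt.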


  • 7.  RE: Firewall off when on LAN?

    Posted Aug 17, 2018 03:48 AM

    As always, thanks for the very helpful replies Brian!



  • 8.  RE: Firewall off when on LAN?

    Posted Aug 17, 2018 06:33 AM

    You should also look into Partner Cloud Lab. There are a bunch of useful tools out there to help learn to work with the product.