Endpoint Protection

 View Only

  • 1.  How to verify current firewall rules on the SEP client?

    Posted Sep 10, 2009 02:50 AM
    Hello,

    I have enabled server control from firewall policy. Now that the SEP11 client user interfaces edit firewall rules is hidden how can I verify and see what rules the client is actually using?

    Thanks!


  • 2.  RE: How to verify current firewall rules on the SEP client?

    Broadcom Employee
    Posted Sep 10, 2009 03:03 AM
    if the client is managed, then you need to verify the SEPM policy detail tab and client GUI to see if the policy serial number is same.


  • 3.  RE: How to verify current firewall rules on the SEP client?

    Posted Sep 10, 2009 03:25 AM
    Ok. I can see that the policy serials are the same. And they change when I edit the policy.

    So there's no way to see the actual rulebase on the client once the client is managed?


  • 4.  RE: How to verify current firewall rules on the SEP client?

    Posted Sep 10, 2009 03:42 AM
    You cant see the rules in the clients... The policies are stored in *.dat files and wont be in human readable form.

    REF:
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/44d736eadec2d1d18025734e00339414?OpenDocument


    Make sure that Policy serial numbers are same in SEPM and Clients. If both are same then clients will have the same rules mentioned in the server.

    Hope this helps



     


  • 5.  RE: How to verify current firewall rules on the SEP client?
    Best Answer

    Posted Sep 10, 2009 08:47 AM
    I agree with SHP. Its not really recommended to have your users take a look at what kind of security measures in terms of Firewall Rules are set for their antivirus client.

    If you want to test a specific rule, then you can take one rule at a time and start testing it based on the parameters you have specified in the rulebase.

    Best,
    Aniket