Dear guy

yesterday i had upgrade SEPM to 12.1 RU4, i was export client package and install on windows server ( Win 2008 ENT R2 & win 2012 STD R2) , after install successfull , SEP client take control windows firewall (see picture) . So now i cant control my firewall , all server i using mode: client control and firewall policy is NO action with windows firewall .

So i was try this step : change to mode : server control and restart . after that server windows firewall give me back control. 

IF i use SERVER control may be limit another admin access their server . This is server so i dont need to take control windows firewall because another admin need to control their server windows firewall without SEP firewall.

Can somebody help me ?

HI,

You can check this blog and enable windows firewall

https://www-secure.symantec.com/connect/blogs/how-enable-windows-firewall-setting-windows-7-machine-sepm-1212

Using (Enabling) Windows Firewall with SEP NTP installed

Hi James007

I was try it before but dont helpful for me.Problem still there.

Hi,

Whet sep feature do you have install ?

Try to disable NTP feature in windows server

Disabling the Windows firewall

Best Practices for using Windows Firewall with Symantec Endpoint Protection 12.1

Make these changes in SEPM

https://www-secure.symantec.com/connect/blogs/how-enable-windows-firewall-setting-windows-7-machine-sepm-1212

Set the option to Restore if Disabled in the policy

hi all 

thanks all support. After I doing more and more testing , i prevent 2 situation:

1/ disable or unistall NTP : this step can make you take back control Windows FW if number of SEP client is small and NO Windows FW policy is applied on client

2/ Change client user control inteface setting : server control or mix .(see picture) After do it i was taken back windows FW And i choice this step and i think this is the best way . Why i choice this ? becasuse :

     a. I had more than 7000 SEP client ( server + client ) so I cant unstall NTP for each SEP client even if i deploy a new package for all. IT is impossible.

     b. I had some windows FW policy is applied for server ( ~200 server ) and client ( ~7000 PC) , and i dont want SEP FW overwrite 

     c. for all client i had used SNAC Host integrity ( safe enforce ) so i still need SEP FW for client

Summary : I need Windows FW + SEP FW live together. Nobody disable another.

I think this is SEPM 12.1 RU4 issuse , because before i upgrade SEPM  everything still good  . 

have you follow this blog

https://www-secure.symantec.com/connect/blogs/how-enable-windows-firewall-setting-windows-7-machine-sepm-1212

yes , before i post this thread , i was try that blog guide before but nothing change.

Does sep client received policy ?Did you check restart system after apply policy ?

yes , i do . restart too much time