I've been using SEP's firewall for a few weeks and everything has been fine.
Today, I attempted to enter a rule for some new software that uses remote UDP port 1029 and 4800 and a range of local ports (1027-1209) in both directions (i.e., an Allow_All-hosts_UDP-Remote1029,4800-Local1027-1209-Both).
The rule worked ok -- at first. After a reboot, it quit working.
What I found, was that I could inspect the rule and save and it still didn't work.
However, if I inspected the rule and changed just ONE letter in its name (i.e., remove a letter or add a letter), it WOULD work (until the next reboot).
Also, if I moved the rule up or down in the rule order (i.e., from it's original spot), and then saved (i.e., [OK] from firewall rule dialog), it WOULD work (until the next reboot).
If I used SMC.exe (i.e., from command line) to overwrite and then re-overwrite the rule back to its original, it WOULD NOT work.
If I changed the rule to allow a really WIDE range of UDP ports (i.e, Remote1025-10000, Local1025-10000, Both directions), it behaved the same as the original.
If I changed the rule to allow a Specific Protocol, selecte UDP [17], and Both directions, it would work fine with or without a reboot (don't really want to leave this many ports open, though).
I'm downloading 12.1 RU1 (? -- can't remember it was posted 2011/12/30 and still has 4 hours to go on the download), but I'm concerned that the update may not be the fix for which I'm looking....
Another problem: I attempted to just allow UDP to from this particular application. However, since the application was compiled without a DESCRIPTION field, SEP will not save it as a valid application (i.e., the resultant rule becomes an ALLOW ALL UDP and when I inspect the rule after saving/reinspecting it, there is no application listed). Any chance on using some other means for application trapping?
Thanks for listening.