Endpoint Protection

 View Only

  • 1.  SEP blocking local server traffic

    Posted Nov 10, 2009 08:54 AM
    WinXP SP 3 - SEP 11 -Antivirus/Antispyware, Proactive threat protection, Network Threat protection - LAN includes NetWare, Windows and Linux boxes - 200 or so client workstations - Restaged 150 or so workstations about three months ago, GHOSTed from reference machines, zero problems.

    One workstation having "tree or server" issues when attempting NetWare login. Get to desktop and it turns out that SEP is perceiving server traffic as "threats." This has not been an issue prior to a week or so ago, and is only an issue on this one machine.  When I disable Network Threat Protection, problems go away.

    Re-ghosted machine, and it has the same problem. Machine I ghosted it from has no problems. Can't uninstall SEP manually on the problem client (?)

    Changed SEP policy on the server to "whitelist" server IPs. Manually updated policy on the problem client. Has not made a difference yet.  Only thing that works is disabling Network Threat Protection on the individual client.  A-not secure  B-cumbersome for the user

    What the heck is going on?






  • 2.  RE: SEP blocking local server traffic

    Posted Nov 10, 2009 09:05 AM
    Create a allow all rule make it as first rule in FW policy apply it to the group which contains the problematic client and see.... 
    Also tell us whether the client FW is in which mode of control(server,client,mixed)?


  • 3.  RE: SEP blocking local server traffic

    Posted Nov 10, 2009 11:11 AM
    Follow this document

    Unable to Logon to Novell client after installing Symantec Endpoint Protection 11.0.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007103013041048


  • 4.  RE: SEP blocking local server traffic

    Posted Nov 10, 2009 11:13 AM
    if the above does not work you can try this
    click on policies
    select firewall policy
    click on rules
    click on add rule
    select network service
    add novel client (you will get from the drop down menu)
    move the rule to the top order ( rules are applied from top to bottom)
    apply to all your clients
    should work fine.



  • 5.  RE: SEP blocking local server traffic

    Posted Nov 10, 2009 11:30 AM
    Thanks for the suggestions, I'll work with those.

    I don't really want an "allow all" rule, although I guess I could put one in place to test.

    It's not only the novell client that does not work, however. No traffic from local servers gets through--linux, windows, novell, all get blocked.  Apparently, as the client requests networks services and gets replies, the replies are being interpreted as threats.

    Clients are managed clients...not sure what "client, server, mixed" is...?

    Thanks again!


  • 6.  RE: SEP blocking local server traffic

    Posted Nov 10, 2009 11:46 AM
    In that rule you can add another network services like

    Network neighborhood browsing and network neighborhood sharing to allow access for your clients.


  • 7.  RE: SEP blocking local server traffic

    Posted Nov 10, 2009 11:46 AM
    Following this link from Rafeeq:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007103013041048

    Anyone know why it directs me to use the server MAC address rather than IP? Would it only be b/c you might change the IP at a later date?  

    The messages on the problem client all reference the IP addresses, and frankly it's easier to work with those...

    Thanks for any insight you all can offer!


  • 8.  RE: SEP blocking local server traffic

    Posted Nov 10, 2009 01:08 PM
    Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

    This doc will give you thre idea about control mode
    Below discussion can give you some tips to solve your issue
    SEP Firewall block Windows Novell Client