Endpoint Protection

  • 1.  Network Threat Protection blocks Traffic when PC is connected with WWAN Module to internet

    Posted Aug 31, 2012 04:02 AM

    Hello,

    I have a problem with a user's travelbook HP 2540p.

    When he connects to internet by Wireless Broadband with HP Connection Manager, the Network Threat Protection blocks all IP Traffic.

    In the log I found many entries like the following:

     

    1 30.08.2012 16:02:45 Blocked 15 Incoming ETHERNET [type=0x2E4B] 0.0.0.0 00-00-FF-11-F1-D2 0 0.0.0.0 45-00-01-16-00-00 11851 bef LANGROUP Unknown Network 1 30.08.2012 16:01:44 30.08.2012 16:01:44 Block all other traffic
    2 30.08.2012 16:02:45 Blocked 15 Incoming ETHERNET [type=0xC230] 0.0.0.0 00-00-3E-11-5A-51 0 0.0.0.0 45-00-00-7D-0A-EA 49712 bef LANGROUP Unknown Network 1 30.08.2012 16:01:44 30.08.2012 16:01:44 Block all other traffic
    3 30.08.2012 16:02:45 Blocked 15 Incoming ETHERNET [type=0xC230] 0.0.0.0 00-00-3E-11-5A-36 0 0.0.0.0 45-00-00-97-0A-EB 49712 bef LANGROUP Unknown Network 1 30.08.2012 16:01:44 30.08.2012 16:01:44 Block all other traffic
    4 30.08.2012 16:02:45 Blocked 15 Incoming ETHERNET [type=0xC230] 0.0.0.0 00-00-3E-11-5A-35 0 0.0.0.0 45-00-00-97-0A-EC 49712 bef LANGROUP Unknown Network 1 30.08.2012 16:01:44 30.08.2012 16:01:44 Block all other traffic
    5 30.08.2012 16:02:45 Blocked 15 Incoming ETHERNET [type=0xC230] 0.0.0.0 00-00-3E-11-5A-76 0 0.0.0.0 45-00-00-55-0A-ED 49712 bef LANGROUP Unknown Network 1 30.08.2012 16:01:44 30.08.2012 16:01:44 Block all other traffic
     
     
    What could this be? 
    When I disable the Symantec Management Client Service the internet connection works.
     
    OS: Windows 7 x64
    SEP Version: 11.0.7000.975
     
    Thanks for your help,
    David
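
    An added example, not part of the original thread: a Python check of whether the blocked "ETHERNET" entries in the post above are really IPv4 packets read as Ethernet frames. It assumes the second MAC field of each entry is the frame's destination and the first its source; that field order is an assumption, not something the thread states.

```python
import re
import struct

# Two log lines copied from the post above, trimmed after the port field.
SAMPLE = [
    "1 30.08.2012 16:02:45 Blocked 15 Incoming ETHERNET [type=0x2E4B] 0.0.0.0 00-00-FF-11-F1-D2 0 0.0.0.0 45-00-01-16-00-00 11851",
    "2 30.08.2012 16:02:45 Blocked 15 Incoming ETHERNET [type=0xC230] 0.0.0.0 00-00-3E-11-5A-51 0 0.0.0.0 45-00-00-7D-0A-EA 49712",
]

MAC = r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"
LINE_RE = re.compile(
    r"\[type=0x(?P<etype>[0-9A-Fa-f]{4})\]\s+\S+\s+(?P<mac1>" + MAC + r")"
    r"\s+\S+\s+\S+\s+(?P<mac2>" + MAC + r")"
)

def first_14_bytes(line):
    """Rebuild the 14 bytes the firewall treated as an Ethernet header.

    Assumption: the second MAC field is the destination (frame bytes 0-5),
    the first is the source (bytes 6-11), and [type=...] is bytes 12-13.
    Returns None when the line is not an ETHERNET entry of this shape.
    """
    m = LINE_RE.search(line)
    if m is None:
        return None
    to_bytes = lambda s: bytes.fromhex(s.replace("-", ""))
    return to_bytes(m["mac2"]) + to_bytes(m["mac1"]) + bytes.fromhex(m["etype"])

def as_ipv4_prefix(raw):
    """Read 14 bytes as the start of an IPv4 header; None if implausible."""
    if raw is None or len(raw) != 14:
        return None
    ver_ihl, _tos, total_len, ident, _frag, ttl, proto, _cksum, s0, s1 = \
        struct.unpack("!BBHHHBBHBB", raw)
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    # A real IPv4 header has version 4, at least 5 words, and a total
    # length that covers the header itself.
    if version != 4 or ihl < 5 or total_len < ihl * 4:
        return None
    return {"total_len": total_len, "id": ident, "ttl": ttl,
            "proto": proto, "src_prefix": f"{s0}.{s1}"}

def decode_log(lines):
    return [as_ipv4_prefix(first_14_bytes(line)) for line in lines]

if __name__ == "__main__":
    for line, hdr in zip(SAMPLE, decode_log(SAMPLE)):
        print(line.split()[0], hdr)
```

    Both entries decode as a valid IPv4 header start (version 4, protocol 17, which is UDP), which is consistent with the WWAN adapter delivering raw IP packets that the firewall classifies as unknown Ethernet types. If that reading is right, allow rules written against IP addresses or ports would not match these frames.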


  • 2.  RE: Network Threat Protection blocks Traffic when PC is connected with WWAN Module to internet

    Posted Aug 31, 2012 04:46 AM

    Network threat protection consists of two components.

    i) Firewall

    ii) Intrusion Prevention System

    From the logs provided it seems the firewall is blocking the clients.

    Recommendation:

    Create a firewall rule and make an exclusion for the client.




  • 3.  RE: Network Threat Protection blocks Traffic when PC is connected with WWAN Module to internet

    Posted Aug 31, 2012 04:53 AM

    From the NTP logs find out which rule is blocking the traffic and modify it to allow the traffic.

    This video shows how to Allow and Block websites using Symantec Endpoint Protection Firewall.

     

    http://bcove.me/82e9yf7p



  • 4.  RE: Network Threat Protection blocks Traffic when PC is connected with WWAN Module to internet

    Posted Aug 31, 2012 06:11 AM

    Hi,

     The log is clean; it is not an intrusion attempt,
     but you need to authorize the entry of new devices and register it so that it is not blocked.
     Create a firewall rule and this problem will end.
     As it is accessing your network connection it is blocked in your share because it is not the rule.

     hugs



  • 5.  RE: Network Threat Protection blocks Traffic when PC is connected with WWAN Module to internet

    Posted Aug 31, 2012 07:07 AM

    Is location awareness configured on your environment?

    If not, please create a new location, something like "Wireless Broadband", and on the FW policy of this location you can create a rule allowing the blocked traffic.

    Since it is a laptop, it is always good to have location awareness configured.

     



  • 6.  RE: Network Threat Protection blocks Traffic when PC is connected with WWAN Module to internet

    Posted Sep 03, 2012 05:12 AM

    Hello,

    thanks for your replies.

    I have created a Firewall Rule, so that all traffic is not blocked, but it did not work.

    I also created a new group in SEPM with exactly the same settings as the other group where all notebooks are stored.

    In the new group I moved the travelbook of the user who has the problem and my notebook. He cannot connect to internet and gets those messages in log, and I can connect.

    Why? We use the same rules!