Endpoint Protection

  • 1.  Network Threat Protection doesn't allow ping

    Posted Apr 19, 2011 10:54 AM

    I have SEP v 11.0.6000.550, Network Threat Protection on a server. I want to be able to ping another server but I cannot get a successful ping. All I get is a "Request Timed out" response. The only way I can get a successful ping is to disable NTP. I have created a rule to allow all IP protocols to and from this other server. I even tried creating an Allow All rule to try and see where the problem might be in my firewall configuration with no success. I've attached my NTP settings which I also tried modifying.

    My traffic log indicates an allowed action in the outgoing direction, ICMP protocol {type=8,code=0} with both remote and local hosts listed.

    If anyone knows if there's anything else I could try, please let me know.

     

    Thanks in advance

    Attachment: NTP settings.doc (55 KB)


  • 2.  RE: Network Threat Protection doesn't allow ping

    Posted Apr 19, 2011 11:15 AM

    Is this an unmanaged client?

    Check this - Allowing Ping with an unmanaged Symantec Endpoint Protection client firewall

    http://www.symantec.com/business/support/index?page=content&id=TECH102959&actp=search&viewlocale=en_US&searchid=1303225970454

     

    Moving this thread to the Endpoint Protection forum.



  • 3.  RE: Network Threat Protection doesn't allow ping

    Trusted Advisor
    Posted Apr 19, 2011 12:02 PM

    Hello,

    What version of SEP are you carrying? Is that the latest version, 11.0.6300? If not, try migrating to the latest version and check if that resolves the issue.

    OR

    Create a Firewall rule for ping, pong and tracert to allow inbound and outbound Type=8 traffic.



  • 4.  RE: Network Threat Protection doesn't allow ping

    Broadcom Employee
    Posted Apr 19, 2011 12:24 PM

    Hi,

    Are you using Windows Server 2008? If yes, IPv6 can create trouble. Uncheck IPv6 under TCP/IP settings.

    If using Server 2003, then the allow rule should take care of it.



  • 5.  RE: Network Threat Protection doesn't allow ping

    Posted Apr 19, 2011 12:48 PM

    http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx

     

    From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions, some components will not function.
     

    Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled. By leaving IPv6 enabled, you do not disable IPv6-only applications and services (for example, HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.



  • 6.  RE: Network Threat Protection doesn't allow ping

    Posted Apr 19, 2011 02:46 PM

    Perhaps you have to add an allow rule for incoming ICMP echo replies (type=0, code=0).

    There is a default rule to allow sending ICMP in the default firewall policy. ("Allow ping, pong, tracert" or similar.) It may be inspiring for you.

    If this doesn't work, check your User Control Level. In Mixed Control, SEPM firewall settings may or may not overrule the client settings. All rules above the famous blue line in the Firewall policy rules list will be enforced by SEPM. There may be a rule overriding client rules.

    See this document:

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27397



  • 7.  RE: Network Threat Protection doesn't allow ping

    Posted Apr 19, 2011 03:19 PM

    It is a managed client running Windows 2003. In SEPM I have put this server in its own group and given it its own non-shared Firewall policy. I also gave Client control in the Location specific settings so I am able to configure firewall settings on the server in question. So this should be overriding any firewall policy from the SEPM manager, correct?

    Like I said, I did create two rules, one for ICMP traffic, and since that didn't work I tried an allow all rule, which also did not work.



  • 8.  RE: Network Threat Protection doesn't allow ping

    Posted Apr 19, 2011 03:29 PM

    Try creating the "Allow All" and move the rule to the top of the policy from within the SEPM. Apply the policy to the client and test.

    Let us know the outcome.



  • 9.  RE: Network Threat Protection doesn't allow ping

    Posted Apr 19, 2011 06:05 PM

    Are all clients involved in the ping in the same group?

    Maybe one client may send ICMP requests, but the target may not answer (because of a different policy in a different group). Are there traces of blocking in the traffic log of the sending client?
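
The replies above point at three places a ping can die: the echo reply (type=0) coming back in, a rule higher in the list, and the target's own policy. The following is an added example, not part of the thread and not SEP's rule engine: a simplified model that assumes stateless, top-down, first-match rule evaluation and traces the four firewall decisions of one ping. Rule names and policies are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP types quoted in the thread

@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "block"
    direction: str            # "in", "out" or "both"
    icmp_type: Optional[int]  # None matches every ICMP type

def decide(rules, direction, icmp_type):
    """First matching rule wins; unmatched traffic is blocked (assumption of this model)."""
    for r in rules:
        if r.direction in (direction, "both") and r.icmp_type in (None, icmp_type):
            return r.action, r.name
    return "block", "(no matching rule)"

def trace_ping(sender_rules, target_rules):
    """Return (leg, rule) for the first blocked leg of one ping, or None if it completes."""
    legs = [
        ("sender out, echo request", sender_rules, "out", ECHO_REQUEST),
        ("target in, echo request", target_rules, "in", ECHO_REQUEST),
        ("target out, echo reply", target_rules, "out", ECHO_REPLY),
        ("sender in, echo reply", sender_rules, "in", ECHO_REPLY),
    ]
    for leg, rules, direction, icmp_type in legs:
        action, rule = decide(rules, direction, icmp_type)
        if action != "allow":
            return leg, rule
    return None

# Constructed sample policies (hypothetical rule names, not taken from the attachment).
BLOCK_REST = Rule("block everything else", "block", "both", None)
OUTBOUND_ONLY = [Rule("allow ping out", "allow", "out", ECHO_REQUEST), BLOCK_REST]
BOTH_WAYS = [Rule("allow ping out", "allow", "out", ECHO_REQUEST),
             Rule("allow pong in", "allow", "in", ECHO_REPLY), BLOCK_REST]
OPEN = [Rule("allow all", "allow", "both", None)]
SHADOWED = [Rule("enforced block", "block", "both", None)] + OPEN  # allow-all sits too low

if __name__ == "__main__":
    for name, sender, target in [("outbound only", OUTBOUND_ONLY, OPEN),
                                 ("both ways", BOTH_WAYS, OPEN),
                                 ("target locked", BOTH_WAYS, [BLOCK_REST]),
                                 ("shadowed allow-all", SHADOWED, OPEN)]:
        print(name, "->", trace_ping(sender, target) or "reply received")
```

In the "outbound only" case the sender's log would show the type=8 packet allowed outbound while the ping still times out, because the drop happens on a different leg.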