Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEP -unmanged computer

ℬrίαη

ℬrίαηNov 06, 2012 07:43 PM

So you want to block this type of traffic?

  • 1.  SEP -unmanged computer

    Posted Nov 06, 2012 03:50 PM

    Hello it a simple question about Symantec Endpoint unmanaged computers.I use SEP as firewall in Windows 8 .My firewall is turn off .But my problem is how I can use rules to ICMP .I would like to use (ping and tracert) but my problem is is I pass ICMP code 0 --8 (ping ,tracert ) work well .

    But my system is visible .Scaner nping see my computer .Computer is passing  icmp-code 0 icmp-type 0 .Please help .

     



  • 2.  RE: SEP -unmanged computer

    Posted Nov 06, 2012 07:43 PM

    So you want to block this type of traffic?



  • 3.  RE: SEP -unmanged computer

    Posted Nov 06, 2012 11:49 PM

     

    Problem



    How to add a rule in a Symantec Endpoint Protection client firewall to allow an unmanaged client to accept Ping.
     

    Solution



    To add a rule in the firewall polices:
    1. Open the Symantec Endpoint Protection client interface
    2. Select Status
    3. Click Options for "Network Threat Protection"
    4. Select Configure Firewall Rules
    5. Click Add
    6. Type a name for the new rule (Example: "Allow ICMP" )
    7. Under "Action", select Allow this traffic
    8. Select the network interface card that you want this rule applied to.
      • Note: If you want this rule to always run, select Apply this rule while the screen saver is On and/or Off.
    9. Go to the Hosts tab
    10. Select Apply this rule to and select where you want this rule applied. (The default is "All hosts")
    11. Go to the Ports and Protocols tab
    12. Click on the Dropdown menu and select the ICMP
      • In the sub menu, select Echo Request – 8 and Echo Reply - 0 (you may select others that you need for your environment)
    13. Click OK

     

    https://www-secure.symantec.com/connect/forums/unmanaged-client-stops-echo-requests-vlan

     



  • 4.  RE: SEP -unmanged computer

    Trusted Advisor
    Posted Nov 07, 2012 05:58 AM

    Hello,

    To simplify your doubt.

    Please Correct me if I am wrong... 

    Environment: Windows 8 and SEP 12.1 RU2 Beta Unmanaged client with all Features.

    Query:  

    Want to Create Firewall rule to Stealth option .

    • Block / Log all incoming
    • Allow all outgoing include (ICMP ,TCP/IP,UDP) (Application - Skype, firefox, ping,)

    Issue :

    After rules are created to allow " icmp" (ping,tracert) for both out/in the ping works.

    However, when running Online Scanner nmap, it detects ports to be open.



  • 5.  RE: SEP -unmanged computer

    Posted Nov 07, 2012 09:14 AM

    1.Yes I use SEP 12.1.1989.1989

    2.Yes I want to Stealth option

    3.Block / Log all incoming

    4.Allow all outgoing include (ICMP ,TCP/IP,UDP) (Application - Skype, firefox, ping,All my application) YES exactly

    5.YES I create ICMP both (ping,tracert)

    6.Ping ,tracert ---not work

    ============================================

     



  • 6.  RE: SEP -unmanged computer

    Posted Nov 07, 2012 09:24 AM

    Kolor,

    You created your rules.

    You are alloowing outgoing pongs and tracerts?

    Now, you are trying to test, but are you testing to a machine, but does that machine have the same settings?

    Meaning, are you trying to ping or tracert to a machine that has ICMP echo traffic disabled?

    Can you, for example, from that machine ping google.com?

    Are you receiving any error messages when trying to ping out?

    Can another machine ping the machine you are trying to stealth?

     

     



  • 7.  RE: SEP -unmanged computer

    Posted Nov 07, 2012 09:39 AM

    MY rules

    1.Block incoming traffic

    2.Allow outcoming all

    3.Allow ICMP  0,3,4,5,8,9 alllllllll   (ping,tracert ) both traffic 

     

    Yes I ping www.google.pl  without respond

    YES ww.ping.eu   ping me not work

      SEP show me ntoskrnl.exe has blocked



  • 8.  RE: SEP -unmanged computer

    Broadcom Employee
    Posted Nov 12, 2012 05:23 AM

    Hi,

    Could you please confirm what challenges are you facing while creating this rule?

    We have tested with unmanaged client (beta version) & steps are as per the following.

    SEP unmanaged client GUI --> NTP --> Click on Options --> Select Configure firewall rule --> click on add --> Provide the name to the rule -->Select the desired action (allow or block) -->Keep default firwall settings -->Go to ports & protocols --> Select ICMP --> Now select Echo reply (0), Echo request (8), Time Exceeded for datagram (11)--> Move this rule to the top of the available rules.

    Now you should see general message failure while doing ping request.

    Screenshot it attached to the reference.

    Let us know if you need more help on this.

     



  • 9.  RE: SEP -unmanged computer

    Posted Nov 12, 2012 09:00 AM

    Ok it means it my Windows 8 will be firewall stealth mode it yes your opinien .

    What abut this .Try in your system .ANd tell my your Firewall pass or block .

     

      http://nping.online-domain-tools.com/

     

    --icmp-type 0  --icmp-code 0    Yours Firewall IP  .



  • 10.  RE: SEP -unmanged computer

    Posted Nov 16, 2012 03:16 PM

    There is someone who help my to create good rules to by my Window 8 as firewall stealth mode.

    The main problem is with "ICMP " how I may passing this move .



  • 11.  RE: SEP -unmanged computer

    Trusted Advisor
    Posted Nov 23, 2012 01:15 AM

    Hello,

    I would suggest you to create a Case with Symantec Techical Support for a quick troubleshooting and solution.

    How to create a new case in MySymantec

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

    Phone numbers to contact Tech Support:-

    Regional Support Telephone Numbers:

    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000
     
    Hope that helps!!


  • 12.  RE: SEP -unmanged computer

    Posted Dec 02, 2012 10:44 PM

    and don't forget to keep us updated with the solution :-)



  • 13.  RE: SEP -unmanged computer

    Posted Dec 04, 2012 05:11 AM

    Hi I was call to US but I don't understand this adviser .My English is to Bad to understand .And I think this adviser was from INDIA or Pakistan .He conect me from NORTON service .he he

     

    Yes problem is still leaving .I try to ask in Poland Adviser .But Polsih man told me it's very diffical allow to pass ICMP code 3 with safe entry .Scanner nmap see your system .

    acually rules ##################firewall stealth mode#############

    1.Allow ICMP ---0,11 incomming

    2.Allow ICMP --8 --outgoing 

    ##### ping.tracert work well ####

    3.ICMP--both--block 1,2,3,4,5,6,ALL

    4.Allow outgoing (firefox,skype)

    5.Block incoming

    ################################This man help my ""elisha_riedlinger"" #######

    But the issue still alive.ICMP code 3 ----how pass with safer mode .

    SEP symantec it isn't edge firewall and it difficall to use rules .

     



  • 14.  RE: SEP -unmanged computer

    Posted Dec 04, 2012 05:15 AM

    SYMANTEC website

    #######################################################

    Failure of server APACHE bridge:
    Port number in WebLogicCluster parameter specified in httpd.conf is not an integer less than 65535, or servers are not specified correctly. Cannot continue.
    Build date/time: Apr 20 2009 15:29:34
    Change Number: 1211636

    #####################################################3