Endpoint Protection

  • 1.  Internet not working due to traffic interruption between Hyper-v and DNS (VM)

    Posted Jun 11, 2024 10:00 PM

    Hi Support 

    I have a DNS server (VM) hosted on the Hyper-v server. After installing the SEP client on the Hyper-v server, we noticed the SEP client is blocking all the traffic, and this leads to all users not being able to surf the internet.

    From the troubleshooting process, we discovered and confirmed that the SEP client is interrupting the internet. As a workaround, we created a new firewall rule allowing both Host: Hyper-v IP and DNS IP | with Action: Allow | with all services: allow/any.

    As a result, the SEP on the Hyper-v is still blocking the internet traffic.

    Has anyone encountered this before?



  • 2.  RE: Internet not working due to traffic interruption between Hyper-v and DNS (VM)

    Broadcom Employee
    Posted Jun 20, 2024 10:56 PM

    What troubleshooting steps have you taken to confirm it's Network Threat Protection (NTP)? Is it the SEP client on the server side or the workstations that causes the issue?

    I'd start by first disabling NTP; if the issue persists, then it's not likely to be NTP.

    If the issue is resolved when NTP is disabled, then you need to determine which component/setting in NTP is the issue.

    Start by disabling the firewall component. If this resolves the issue, then focus on the traffic log and firewall rules.

    There are different ways to approach troubleshooting the firewall rules. First, I'd recommend making a copy of the existing Firewall policy and using the copy for troubleshooting.
    Then take note of all the block rules which are enabled. Disable all the block rules and turn them on one by one to determine which one causes the issue. Also, many of the rules have logging disabled. Turn on logging to the traffic log (not the packet log) to help you track which rule is getting triggered.



  • 3.  RE: Internet not working due to traffic interruption between Hyper-v and DNS (VM)

    Posted Jul 04, 2024 02:52 AM

    Hi Charbel Trainer

    Greetings. Here is my feedback.

    Findings 1

    At first, I fully disabled the Firewall Policy based on the same screenshot you shared.

    As a result, users can browse the Internet normally without any interruption.

    Findings 2

    Based on the traffic log, I discovered the interruption was blocked by the default rules – Rules 30. By unchecking Rules 30, users can browse the Internet normally.

    Testing 1

    Since the default Rules 30 are meant to be enabled all the time, I added a new firewall rule to allow traffic between the Hyper-V host and DNS server (on the same Hyper-v host). Config as below:

    • Name: Traffic between HyperV and DNS
    • Action: Allow
    • Application: Any
    • Host:  Local/Remote
    • Remote: DNS server IP address
    • Local: Hyper-v Host IP address
    • Services: Any

    As a result, users cannot browse the internet; it is still interrupted by SEP.

    Regards




  • 4.  RE: Internet not working due to traffic interruption between Hyper-v and DNS (VM)

    Posted Jul 17, 2024 03:07 AM

    Hello,

    According to my personal experience in the past, installing the SEP client with the firewall function on a Hyper-V host did block network traffic from/to the Hyper-V guest OS. I had such issues with Microsoft AD DC & DNS integration.

    This is my assumption. The Hyper-V host is server A, and the AD DC & DNS Hyper-V guest OS is server B. Network traffic towards DC/DNS server B needs to pass through (or be handled by) server A, the Hyper-V host. The SEP firewall on server A would block that network traffic towards Hyper-V guest server B. The reason, I guess, is that the network traffic is received by server A, however the packet header indicates the destination is server B. Then the SEP firewall treats that network traffic as spoofing and blocks it all.

    After this finding, I didn't install or enable the SEP Firewall on the Hyper-V host, only the SEP anti-virus feature. Then communications to / from the Hyper-V guest OS worked as expected.