Endpoint Protection

SEP default firewall policy for Mac does not allow FTP, Chrome Remote or Remote Desktop

Daehue Kim posted Sep 25, 2023 02:49 PM

Hello, I am a new user of the Endpoint Protection system.

I installed version 14.3.10124.8000 on an iMac.

After that, I could not use FileZilla, MS Remote Desktop or Chrome Remote.

To use them, I need to turn off the firewall setting in the software's advanced settings window, so I went into the cloud manager and tried to modify the firewall settings for Mac, but I am not sure what I should modify to allow them.

First of all, I disabled rule number 9, which blocks local file sharing, but I still cannot use FTP.

Also, I added a policy like the one below to allow Chrome Remote, but I still cannot use it.

Please share your knowledge to solve this situation.

Thank you in advance

Broadcom Employee Ed Agoff

You are making the common mistake of specifying the same port number(s) for both ends of a firewall rule. Networking connections typically use a random ephemeral port at the client (source) and a fixed port at the server (destination). Determining which end is local or remote or source/destination depends on the direction of initial connection. For example, if you want a rule applying to inbound FTP you would specify local TCP port 22; for outbound FTP, specify remote port 22; for FTP in any direction, destination port 22. The other port in all cases would be left blank, or set to 49152-65535 if you wanted to be a stickler. 

To determine what ports you should specify for a particular protocol or app, Google the definition of that protocol or look up the manufacturer's recommended firewall settings.

To make sure you are dealing with a firewall rules issue, try an "Allow All" rule at the top of your Mac rules and if that allows your app then you know you need to allow certain ports for it. If an "Allow All" rule doesn't resolve symptoms then you know you are dealing with some other issue.

Tech support pages may not be clear on port requirements. In those cases, a useful technique to isolate the necessary protocols and ports is:

1. Create an "allow" rule at the top of the SEP Mac firewall rules for the IPv4 and IPv6 addresses of the desired resource, and set this rule to write to the traffic log.
2. Create an "Allow All" rule just below it that does not write to the log.
3. Connect to the resource and note the destination ports and protocol (UDP/TCP) used in the SEP client log.
4. Create a second, more refined firewall rule above the first one that allows all hosts but only the destination ports seen in the client log. Leave logging disabled on this new rule.
5. Continue testing, note any new ports/protocols that are still logged by the "allow IP address" rule, and keep refining the top rule.

If you see what appears to be random non-ephemeral port usage, e.g. 9616/9623/9286, then allow a range like 9000-10000. A destination port of 49152 or higher in the log generally indicates the application is using a random selection in the ephemeral range, and you should allow 49152-65535.
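The two points in the reply above, modelled in plain Python as an added example (this is not code from the post, from Symantec or from Broadcom): first, a rule that pins the same port on both the local and remote side never matches a real session, because the client side uses a random ephemeral port; second, the log-and-refine loop, where an "allow resource IP" rule with logging sits above an "allow all" rule and the logged destination ports are collapsed into narrower rules placed on top. The Rule and Connection shapes, the resource address and all sample traffic are constructed for illustration and are not SEP's policy schema or its traffic-log format.

```python
# Added example (not from the forum post, Symantec or Broadcom). Rule/Connection
# fields and all sample traffic below are constructed for illustration; they are
# not SEP's policy schema or its traffic-log format.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

EPHEMERAL = (49152, 65535)             # IANA dynamic/private port range
PortRange = Optional[Tuple[int, int]]  # None means "any port"


@dataclass(frozen=True)
class Rule:
    proto: Optional[str]             # "tcp", "udp", or None for any
    local: PortRange                 # port(s) on this host
    remote: PortRange                # port(s) on the peer
    remote_ip: Optional[str] = None  # None for any host
    log: bool = False                # write matching traffic to the log


@dataclass(frozen=True)
class Connection:
    proto: str
    local_port: int
    remote_port: int
    remote_ip: str


def in_range(port: int, rng: PortRange) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def matches(rule: Rule, conn: Connection) -> bool:
    return ((rule.proto is None or rule.proto == conn.proto)
            and (rule.remote_ip is None or rule.remote_ip == conn.remote_ip)
            and in_range(conn.local_port, rule.local)
            and in_range(conn.remote_port, rule.remote))


def first_match(rules: List[Rule], conn: Connection) -> Optional[Rule]:
    """First-match-wins, top of the list first."""
    return next((r for r in rules if matches(r, conn)), None)


def logged(rules: List[Rule], conns: List[Connection]) -> List[Tuple[str, int]]:
    """(proto, destination port) of each connection whose winning rule logs."""
    return [(c.proto, c.remote_port) for c in conns
            if (r := first_match(rules, c)) is not None and r.log]


def suggest_ranges(observed: List[Tuple[str, int]]) -> Dict[str, List[Tuple[int, int]]]:
    """Collapse logged destination ports into allow ranges using the reply's
    heuristic: a port >= 49152 means the app picks ephemeral ports (allow the
    whole range); several distinct ports in one thousand-block look random
    (allow that block); single fixed ports stay as-is, never widened below 1024."""
    by_proto: Dict[str, set] = {}
    for proto, port in observed:
        by_proto.setdefault(proto, set()).add(port)
    out = {}
    for proto, ports in by_proto.items():
        ranges = {EPHEMERAL} if any(p >= EPHEMERAL[0] for p in ports) else set()
        blocks: Dict[int, List[int]] = {}
        for p in sorted(p for p in ports if p < EPHEMERAL[0]):
            blocks.setdefault(p // 1000, []).append(p)
        for k, ps in blocks.items():
            if k >= 1 and len(ps) > 1:
                ranges.add((k * 1000, (k + 1) * 1000))
            else:
                ranges.update((p, p) for p in ps)
        out[proto] = sorted(ranges)
    return out


# (1) Same port on both ends: the Mac's side of an outbound RDP session is an
# ephemeral port, so a rule pinning local AND remote to 3389 never fires.
RDP = Connection("tcp", local_port=52341, remote_port=3389, remote_ip="203.0.113.10")
WRONG_RDP_RULE = Rule("tcp", local=(3389, 3389), remote=(3389, 3389))
RIGHT_RDP_RULE = Rule("tcp", local=None, remote=(3389, 3389))
STRICT_RDP_RULE = Rule("tcp", local=EPHEMERAL, remote=(3389, 3389))

# (2) Log-and-refine: "allow <resource IP>" with logging, then "allow all".
RESOURCE = "198.51.100.7"  # constructed address of the remote-access service
SAMPLE = [                 # constructed traffic, as a client log would show it
    Connection("tcp", 50001, 443, RESOURCE),
    Connection("tcp", 50002, 9616, RESOURCE),
    Connection("tcp", 50003, 9623, RESOURCE),
    Connection("tcp", 50004, 9286, RESOURCE),
    Connection("udp", 50005, 3478, RESOURCE),
    Connection("udp", 50006, 53211, RESOURCE),
    Connection("tcp", 50007, 80, "192.0.2.1"),  # unrelated host: hits allow-all
]
LOG_RULE = Rule(None, None, None, remote_ip=RESOURCE, log=True)
ALLOW_ALL = Rule(None, None, None)


def refined_rules() -> List[Rule]:
    """Round one logs what the resource uses; round two puts narrower
    per-port rules (all hosts, logging off) above the logging rule."""
    seen = logged([LOG_RULE, ALLOW_ALL], SAMPLE)
    top = [Rule(proto, None, rng)
           for proto, rngs in suggest_ranges(seen).items() for rng in rngs]
    return top + [LOG_RULE, ALLOW_ALL]


if __name__ == "__main__":
    print("both-ends-3389 rule matches RDP:", matches(WRONG_RDP_RULE, RDP))
    print("remote-3389 rule matches RDP:", matches(RIGHT_RDP_RULE, RDP))
    print("round one logged:", logged([LOG_RULE, ALLOW_ALL], SAMPLE))
    print("suggested:", suggest_ranges(logged([LOG_RULE, ALLOW_ALL], SAMPLE)))
    print("still logged after refining:", logged(refined_rules(), SAMPLE))
```

Run stand-alone, the script shows the both-ends rule failing to match while the remote-port-only and ephemeral-local variants match, then shows that after one refinement round nothing from the resource still reaches the logging rule. The thousand-block heuristic is a deliberately loose reading of the "9616/9623/9286, so allow 9000-10000" advice; in practice you would keep iterating the log until no new ports appear before trusting the result.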