Our server unit has 2 new Novell servers that were just implemented in our environment.  The problem is I cannot see them or access them, but when i turn off the firewall locally on the machine - i can see the servers.  How do i set up a firewall exception to alllow the access to the Novell servers.  i dont know what questions to ask to get the required info to create the exception.

please help me...

thanks

Check the traffic log on the machine doing the blocking. This will tell you exactly what is being blocked and from here you can start to build the necessary rule(s)

Customizing firewall rules

http://www.symantec.com/business/support/index?page=content&id=HOWTO55097

agree to above, or you can create a top most rule to allow traffic for the IP.

Hello,

Go the firewall policy and create a new policy and there you can define the exception that you want to create.

If you want to create a firewall rule which affects only this one managed client, you have two options.

1. Put this client in a unique group in the SEPM and then apply your customized firewall policy to only this group.
2. Add a customized firewall rule to the client itself (as opposed to adding the rule to the policy in the SEPM.)

I am going to assume you will want option 2 and will provide instructions for that. If you need something different, let me know. I am also going to assume you are using SEP 11.0.x (as opposed to SEP 12.1), since you were not specific.

By default, a managed SEP client will not allow a user to create their own firewall policies from within the SEP client GUI. You will need to change the client interface control settings from within the SEPM to give yourself permission to to modify the client-side firewall rules. Follow these steps:

1. Login to the SEPM
2. Click Clients
3. Select the group that your client is in
4. Click Policies (the tab at the top)
5. Remove policy inheritance (checkbox at top) if necessary
6. Expand Location-specific Settings
7. Click Server Control (it will open a new dialog box)
8. Select Client control from the list
9. Click OK
10. Wait for the SEP client to pick up the policy change. (You can speed this up by right-clicking the SEP system tray icon on the client and clicking Update Policy.)

After you have made this change, you can now modify the client-side firewall rules using the following steps.

1. Double-click the SEP system tray icon
2. Click Options next to Network Threat Protection
3. Click Configure Firewall Rules...
4. Click Add
5. Fill out the rule information as you see fit and click OK.

I suggest creating an Allow All rule (which, as the name suggests, allows all network traffic in or out of the box) and bumping it to the top of the rule list in order to confirm that this fixes the problem. If an allow all rule does NOT fix the problem, then any more specific rule (i.e., restricted to a certain port, protocol, or application) most certainly won't fix it either. Thus, testing the allow all rules can save you some time in the end.

Reference - Check this Thread:

https://www-secure.symantec.com/connect/forums/firewall-exception-managed-client

Hope that helps!!

Hi ,

First check the NTP log and then create a new policy for excluding and create the rule,

if you want to apply the policy in your system crrate a new group and and test according to ur exclusion.

for your reference

https://www-secure.symantec.com/connect/forums/firewall-exception-managed-client

Hello! - Option #2 sounds exactly what I need to do.  Can you provide the instructions for version 12.1.1000, I'm sorry I should have been more specific as to the version.

thanks!!

Check here:

Adding a new firewall rule

http://www.symantec.com/business/support/index?page=content&id=HOWTO81156

I checked the traffic logs and attached a copy.  I still do not know how to set the exception with the info from the traffic log.  what am i looking for? 

Attachment(s)

for solo.txt   336 KB 1 version