Endpoint Protection

  • Private Community
 View Only

  • 1.  How to stop ping using firewall in SEP11.0.6?

    Posted May 20, 2011 11:44 PM

    Hello,

     

    I want to block the ICMP service on the servers / clients, so that it will not being ping from the others.

    I have try to modify the settings in the firewall rules sections, but not working.

    By default, the ICMP Ping, Pong service are allowed, I have already change it to "Blocked" and update the policy to the destinated clients/servers , but still able from being ping by others computers.

    Any settings missing?

    OS: Windows 2003 server R2 & Windows XP Professional SP2 (both windows firewall already turned off & Network threat protection - ON)

     

    Regards,

    Eric Chan



  • 2.  RE: How to stop ping using firewall in SEP11.0.6?

    Posted May 21, 2011 12:28 AM

    check the ntp logs; see which rule is responding to PING,block that one.

    http://www.symantec.com/business/support/index?page=content&id=TECH102959&actp=search&viewlocale=en_US&searchid=1303225970454



  • 3.  RE: How to stop ping using firewall in SEP11.0.6?

    Posted May 21, 2011 02:35 AM

    This happens when TCP port 445 is added to the exceptions list. By default, TCP port 445 is added to the exceptions list when you enable File and Printer Sharing in the Windows Firewall exceptions list or when you enable the Windows Firewall: Allow remote administration exception policy setting in Group Policy. To disable ping, you must remove TCP port 445 from the exceptions list. You can do this by disabling File and Printer Sharing in the Windows Firewall exceptions list or by editing File and Printer Sharing in the exceptions list settings so that TCP port 445 is disabled. You can also do this by disabling the Windows Firewall: Allow remote administration exception policy setting.

    To disable the File and Printer Sharing exception so ping is disabled

    1. Open Windows Firewall, and then click the Exceptions tab.

    2. Clear the File and Printer Sharing check box.



  • 4.  RE: How to stop ping using firewall in SEP11.0.6?

    Posted May 21, 2011 07:42 AM

    In the SEPM Firewall rule when you add a rule you get the options to block different protocol select the ICMP protocol and select action as block.



  • 5.  RE: How to stop ping using firewall in SEP11.0.6?
    Best Answer

    Posted May 21, 2011 09:39 AM

    Thanks everyone,

     

    By following Rafeeq and Vikram Kumar solutions, I have discovered the ICMP Ping, Pong are not covering all service so I went in and check all service id numbers.

    The numbers are below for me to try disable ping under ICMP:

    0,3,4,5,6,8,9,10,11,12,13,14,15,16,17,18,30,31,32,33,34,35,36,37,38,39,40

    Now it works, but i am not really sure if it really requires that much to block under ICMP service that used to stop ping.

     

    Regards,

    Eric Chan