Endpoint Protection

 View Only

  • 1.  Firewall Policy

    Posted May 11, 2011 07:52 AM

    in order to enable the IPS we must enable firewall policy also  as per the document below

    http://www.symantec.com/business/support/index?page=content&id=TECH95347

    1 ) How do we enable firewall Policy ?

    2) Even we are not enabling  the firewall policy explicitly does symantec add some firewall policy ?

    3 ) after we enable  the firewall policy do we need to deploy the  client again ?

     

    Thanks



  • 2.  RE: Firewall Policy

    Trusted Advisor
    Posted May 11, 2011 08:05 AM

    Hello,

     

    1 ) How do we enable firewall Policy ?

    To enable the Firewall Policy, you would need the Network Threat Protection Feature (Firewall) installed on your machines. Do you have that installed?

    If not, then, 

     

    You can do that by Auto-upgrade Feature (NOTE: A Restart would be required to the machines to have the Network Threat Protection Turn ON ) :

     

    1. Log on to the newly migrated Symantec Endpoint Protection Manager Console.
    2. Click Admin Install Packages.
    3. In the lower-left pane, under Tasks, click Upgrade Groups with Package.
    4. In the Welcome to the Upgrade Groups Wizard panel, click Next.
    5. In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:
      • Symantec Endpoint Protection <appropriate version>.
      • Symantec Network Access Control <appropriate version>.
    6. Click Next.
    7. In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
    8. In the Package Upgrade Settings panel, check Download client from the management server.
    9. Click Upgrade Settings.
    10. In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration.
    11. For details about settings on these tabs, click Help.
    12. Click OK.
    13. In the Upgrade Groups Wizard dialog box, click Next.
    14. In the Upgrade Groups Wizard Complete panel, click Finish.

     

     

    Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
     
     
    Default Network Threat Protection Rules for Symantec Endpoint Protection
     
     
    Symantec Endpoint Protection Manager - Firewall - Policies explained

    http://www.symantec.com/docs/TECH104433

     

     

    2) Even we are not enabling  the firewall policy explicitly does symantec add some firewall policy ?

    If you haven't installed the Network Threat Protection Feature (Firewall) then there is not polciy being applied to the Client. if you have the Feature Installed the Default Network Threat Protection Policy would be applied.

     

    3 ) after we enable the firewall policy do we need to deploy the  client again ?

    No.

    (NOTE: A Restart would be required to the machines to have the Network Threat Protection Turn ON )



  • 3.  RE: Firewall Policy

    Posted May 11, 2011 08:11 AM

    policies are applied to groups

    when you create new groups; policies are copied to these groups.you can later withdraw them later without deployment.



  • 4.  RE: Firewall Policy

    Posted May 11, 2011 08:25 AM

    how to install  Network Threat Protection Feature in clients



  • 5.  RE: Firewall Policy

    Trusted Advisor
    Posted May 11, 2011 08:53 AM

    Hello,

     

    You can do that by Auto-upgrade Feature:

    1. Log on to the newly migrated Symantec Endpoint Protection Manager Console.
    2. Click Admin Install Packages.
    3. In the lower-left pane, under Tasks, click Upgrade Groups with Package.
    4. In the Welcome to the Upgrade Groups Wizard panel, click Next.
    5. In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select one of the following:
      • Symantec Endpoint Protection <appropriate version>.
      • Symantec Network Access Control <appropriate version>.
    6. Click Next.
    7. In the Specify Groups panel, check one or more groups that contain the client computers to be migrated, then click Next.
    8. In the Package Upgrade Settings panel, check Download client from the management server.
    9. Click Upgrade Settings.
    10. In the Add Client Install Package dialog box, on the General tab, specify whether or not to keep existing client features or specify new ones, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration.
    11. For details about settings on these tabs, click Help.
    12. Click OK.
    13. In the Upgrade Groups Wizard dialog box, click Next.
    14. In the Upgrade Groups Wizard Complete panel, click Finish.

     

    NOTE: A Restart would be required to the machines to have the Network Threat Protection Turn ON 



  • 6.  RE: Firewall Policy

    Posted May 11, 2011 11:21 AM

    Dear midhun sangvi

     I guess there is a misunderstanding  , i am attaching  three screen shots

    In the second pic firewall policy is greyed out ( You are talking about the same firewall policy? )

    My question is  even if it's greyed out the policy still effective ?

    Look at the first pic NTP is on ,  Are you  talking abt the same NTP?

     _______________________________________________________________________

    As per the below  statement,  i  withdrawn the firewall policy and  enabled IPS ( 3rd pic )

     

     (  IPS and client firewall
    In order to enable IPS, you must have the client firewall portion of Symantec Endpoint Protection installed and running. This can seem like a problem if you want to run IPS but do not want to use the firewall. To work around this, withdraw the firewall policy. This ensures that IPS is enabled and protecting your network without forcing you to use the client firewall.)

    _________________________________________________________________________

    Here's the full article  http://www.symantec.com/business/support/index?page=content&id=TECH95347&locale=en_US

    Is that correct or it would be better if i add the firewall policy back



  • 7.  RE: Firewall Policy

    Trusted Advisor
    Posted May 11, 2011 11:45 AM

    Hello,

    I would recommend you to Enable the Firewall Policy by Following Steps:

    1. Log on to the newly migrated Symantec Endpoint Protection Manager Console.
    2. Click Policies > Click Firewall
    3. On the Right hand side, Double click on Firewall Policy
    4. Click on Enable Box
    5. Once done, Click on OK.
    6. Right click on Firewall Policy and click on Assign and Assign the policy by putting the check mark on the Groups where you want to assign the Policy.

     



  • 8.  RE: Firewall Policy

    Posted May 11, 2011 01:22 PM

    Dear Midhun

     

    Whats the differnece between SNAC and the firewall policy



  • 9.  RE: Firewall Policy
    Best Answer

    Trusted Advisor
    Posted May 12, 2011 08:23 AM

    Hello,

    Follow the the Links to understand SNAC (Symantec Network Access Control)

    http://eval.veritas.com/flashdemos/products/network_access_control/

     

    Key Features

    • Blocks or quarantines non-compliant devices from accessing the corporate network and resources.
    • Hosts Integrity tests against pre-defined templates such as patch level, service packs, antivirus, and personal firewall status, as well as custom created checks tailored for the enterprise environment.
    • Provides pervasive endpoint coverage for managed and unmanaged laptops, desktops, and servers existing both on and off the corporate network.
    • Provides a seamless integration with Symantec Endpoint Protection 11.0.

    Whitepaper:

     http://www.symantec.com/business/products/whitepapers.jsp?pcid=pcat_security&pvid=1304_1

     

    Symante Network Threat Protection

    Symantec Endpoint Protection 11.0 protects endpoint computing devices from viruses, threats, and risks, and provides three layers of protection to your endpoint computing devices. The layers are network threat protection, proactive threat protection, and antivirus and antispyware protection. Network threat protection blocks threats from accessing your computer by using rules and signatures.The Symantec Endpoint Protection client firewall provides a barrier between the computer and the outside network. The client firewall prevents unauthorized users from accessing the computers and the networks that connect to the Internet, detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic. The firewall also protects against network threats and malware that attempt to proliferate in your network, such as bots. All the information that enters or leaves the client computer must pass through the client firewall, which examines the information packets. The client firewall blocks packets that do not meet the specified security criteria.

     

    WhitePaper:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121714495348