How to use " * " (Asterisk) or "Any" as Application when creating firewall rules in Symantec Endpoint Protection (SEP) 11.0 or 12.1. What is the difference between " * " and Any? Why does the "Allow all applications" rule not work with ICMP/ping or broadcast traffic?
When creating a firewall rule in the Symantec Endpoint Protection Manager (SEPM), there is a difference between leaving the Application field as "Any" and entering an asterisk (*) to match all applications.
Leaving the Application field as "Any" will include all packets, no matter which application they are destined for or coming from, and even if they are not associated with a running application at all. Therefore this setting will match traffic such as incoming broadcast packets and Internet Control Message Protocol (ICMP).
Entering " * " will include only packets that are associated with a running application whose file name matches the " * " pattern. Incoming broadcast and ICMP traffic, for example, would be excluded from a rule with this configuration.
The default "Allow all applications" rule that is included when a new firewall policy is created uses the asterisk/star (*) in the rule and therefore does not match incoming ICMP traffic. To allow a ping of the host running the Symantec Endpoint Protection client, the "Allow ping" rule should also be enabled.
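The matching behaviour described above can be sketched as a small model. This is an added example, not Symantec code: the `Packet` and `Rule` types, the top-down first-match evaluation, the sample file name and the assumption that the "Allow ping" rule leaves Application as "Any" are all hypothetical simplifications.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional

@dataclass
class Packet:
    protocol: str               # "TCP", "UDP" or "ICMP"
    app: Optional[str] = None   # file name of the owning process; None if no running application owns it

@dataclass
class Rule:
    name: str
    application: Optional[str]  # None models "Any"; a string is a file-name pattern such as "*"
    protocol: Optional[str]     # None models any protocol

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if rule.application is None:
        # "Any": the application condition is not evaluated at all
        return True
    # A pattern, even "*", needs an associated running application to compare against
    return pkt.app is not None and fnmatch(pkt.app.lower(), rule.application.lower())

def first_match(rules, pkt: Packet) -> Optional[str]:
    """Return the name of the first rule that matches, or None if no rule does."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.name
    return None

# Constructed sample policy and traffic (hypothetical values)
DEFAULT_POLICY = [Rule("Allow all applications", "*", None)]
WITH_PING = DEFAULT_POLICY + [Rule("Allow ping", None, "ICMP")]

WEB = Packet("TCP", app="browser.exe")   # owned by a running application
PING = Packet("ICMP")                    # inbound echo request, no owning application
BROADCAST = Packet("UDP")                # inbound broadcast, no owning application

if __name__ == "__main__":
    for label, pkt in (("web", WEB), ("ping", PING), ("broadcast", BROADCAST)):
        print(label, "| default:", first_match(DEFAULT_POLICY, pkt),
              "| with ping rule:", first_match(WITH_PING, pkt))
```

In this model a packet that returns `None` simply falls through to whatever rule comes later in the policy, which is why an "allow all" rule written with " * " can leave ping and broadcast traffic to be handled by a later rule.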
This is machine translated content