Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation
Documents related to this topic-
- Symantec Endpoint Protection Manager - Firewall - Policies explained
- Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
What's new in SEP 12.1?
Ø New Default FW rules (Allow Web Service, LLMNR, SSDP on private networks)
Ø FW rule for TCP/UDP is now effective for both ipv4 and ipv6 traffic. All FW rule columns are applied for both ipv4 and ipv6 traffic. Ex: port, application, action, time, etc.
Ø Limited IPv6 support. i.e.
- The FW rule does not allow user to specify ipv6 address.
- Use ‘All hosts’ for the ‘Hosts’ column
- This means all ipv4 and ipv6 addresses
- Traffic, Packet, Security Logs can display ipv4/ipv6 addresses.
- No support yet for IPv6 tunneling (ISATAP, Teredo, etc).
Ø Ability to disable FW policy on Client UI
Ø Option to disable Windows Firewall
Ø Decoupling FW and IPS component
Ø FW rule support “Local Subnet”
Default Symantec Endpoint Protection 12.1 RU1 Firewall Rules explanation:
Please check the attached file: Default_FW_Rules.xls