A Symantec Endpoint Protection (SEP) client is unable to connect to the Internet using a 3G USB dongle.
In the traffic log or TSE debug log, there are a number of blocked-packet entries pointing to Ethernet frames with seemingly random Ethernet Types (e.g. 0x92).
SEP is incorrectly detecting some frames with missing Ethernet headers. Those IP packets are detected as Ethernet frames with a seemingly random Ethernet Type value, which leads to them being blocked by Network Threat Protection (NTP), SEP's firewall component.
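The following is an added illustration, not Symantec's code, of why a header-less IP packet read as an Ethernet II frame yields an arbitrary-looking Ethernet Type. It assumes the Ethernet Type is read at the standard Ethernet II offset (bytes 12-13), which in a raw IPv4 packet hold the first two octets of the source address; SEP's actual parsing is not described in this article, and all addresses and MACs are constructed samples.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
SAMPLE_DST_MAC = bytes.fromhex("020000000001")  # constructed sample MAC
SAMPLE_SRC_MAC = bytes.fromhex("020000000002")  # constructed sample MAC


def build_ipv4_header(src, dst, proto=6):
    """Minimal 20-byte IPv4 header, no payload, checksum left at 0 (sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def with_ethernet_header(ip_packet):
    """What a correctly framed IPv4 packet looks like on an Ethernet link."""
    return (SAMPLE_DST_MAC + SAMPLE_SRC_MAC
            + struct.pack("!H", ETHERTYPE_IPV4) + ip_packet)


def parse_as_ethernet(buf):
    """Read buf as Ethernet II: 6-byte dst, 6-byte src, 2-byte Ethernet Type."""
    if len(buf) < 14:
        raise ValueError("too short for an Ethernet II header")
    return struct.unpack("!6s6sH", buf[:14])


def misparsed_ethertype(src, dst):
    """Ethernet Type seen when a raw IPv4 packet is read as an Ethernet frame."""
    return parse_as_ethernet(build_ipv4_header(src, dst))[2]


def looks_like_raw_ipv4(buf):
    """Triage check for a captured blocked frame: does it start with a
    plausible IPv4 header (version 4, IHL >= 5, total length == size)?"""
    if len(buf) < 20:
        return False
    version, ihl = buf[0] >> 4, buf[0] & 0x0F
    total_len = struct.unpack("!H", buf[2:4])[0]
    return version == 4 and ihl >= 5 and total_len == len(buf)


if __name__ == "__main__":
    for src in ("10.64.3.7", "172.16.5.1"):  # constructed source addresses
        print(src, hex(misparsed_ethertype(src, "198.51.100.9")))
    framed = with_ethernet_header(build_ipv4_header("10.64.3.7", "198.51.100.9"))
    print("framed:", hex(parse_as_ethernet(framed)[2]))
```

Under that assumption the apparent Ethernet Type changes with the client's source address, which is why it looks random in the logs, and `looks_like_raw_ipv4` is one way to confirm that a blocked "Ethernet frame" in a capture is really a bare IP packet.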
This issue is resolved in RU7 MP3 and in SEP 12.1 RU2 MP1.
Should it not be possible to immediately update the client, the following workaround can be applied:
- Create a blank rule in the Firewall policy and move it to the top:
  - Rule Name: 3G USB workaround
  - Service: a) add - IP, b) add - Ethernet - Protocol type leave blank
- Update the Policy on the client
- Try to connect to the Internet using the 3G USB stick
This will effectively allow all Ethernet frames, subject to the rules that are listed above it. While this should not be an issue, if the customer is concerned about a specific Ethernet type, they will have to create a rule above this one to specifically block it.
It is recommended that customers upgrade the clients to a version where this is fixed rather than use the workaround.
SEP 11 or 12.1
3G USB stick
Windows XP, Vista, 7
Imported Document ID: TECH190649