Changing SEP firewall default settings to enable SEP to work with the DLP Network Monitor Detection Server
Last Updated September 03, 2013
Changing the SEP firewall default settings to enable Symantec Endpoint Protection (SEP) to work with the Symantec Data Loss Prevention Network Monitor Detection Server
DLP Network Monitor Server, versions 11.x through 12.x
All SEP 12.x supported OS versions, including Windows 2003 and Windows 2008r2
Although both SEP and DLP function as designed, to enable them to work together the SEP firewall must be set to allow DLP Network Monitor to capture packets.The SEP version 12.x default firewall policy blocks the DLP Network Monitor Detection Server from capturing IP packets when it is using a regular network interface card (NIC), such as the Intel Server or Broadcom NICs. If the SEP IP default traffic settings to "Allow only application traffic” are used, all IP packets captured through regular NIC are blocked by the firewall.
Note:The SEP firewall set to the default does not block packet capture by high-speed packet capture adapters, such as the Napatech NT4E card. The Napatech NT4E is not subject to any firewall policy, as it is not implemented on the OS level as a standard network interface.
Use the following SEP IP traffic setting to configure SEP to allow DLP traffic:
Unmatched IP Traffic Settings: Configure to “Allow IP traffic.”This setting allows all incoming and outgoing traffic (including DLP traffic), unless a firewall rule states otherwise. For example, if you add a firewall rule that blocks VPN traffic, the firewall allows all other traffic except for the VPN traffic.
IP traffic includes the data packets that flow through IP networks and those that use the TCP, UDP, and ICMP protocols. Applications, mail exchanges, file transfers, ping programs, and Web transmissions are all types of IP traffic.
Although you can also enable DLP Network Monitor by opting out of the firewall component during SEP installation, or by disabling the SEP firewall after installation, we do not recommend these options.
Imported Document ID: TECH220374
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe