Understanding the Smart Traffic Filters in Endpoint Protection
search cancel

Understanding the Smart Traffic Filters in Endpoint Protection


Article ID: 153141


Updated On:


Endpoint Protection


How do the "Enable Smart DNS", "Enable Smart DHCP" and "Enable Smart WINS" options in the Symantec Endpoint Protection (SEP) 12.1 or 14 firewall policies work?



The Smart Traffic Filter options in SEP do not block traffic. These options allow outgoing requests and incoming replies that match a previous request.

Incoming packets not matching the Smart Filters criteria will be handled by the firewall rules, and are typically blocked. There is no need to add separate firewall rules to allow the DNS, DHCP or WINS ports when the Smart Filters are enabled. The Smart Filters override the firewall rules, and by only accepting solicited incoming packets they are more secure than creating a firewall allow rule to open each of the ports.

If you disable the Smart Filters, you will need to create firewall rules that allow the remote UDP ports 53, 67/68, and 137 in order to enable DNS, DHCP, and WINS respectively.