Default Symantec Endpoint Protection 12.1 RU1 Firewall Policy explanation

Documents related to this topic-

1. Symantec Endpoint Protection Manager - Firewall - Policies explained
   http://www.symantec.com/docs/TECH104433
2. Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper
   http://www.symantec.com/docs/TECH169904

What's new in SEP 12.1?

Ø  New Default FW rules (Allow Web Service, LLMNR, SSDP on private networks)

Ø  FW rule for TCP/UDP is now effective for both ipv4 and ipv6 traffic. All FW rule columns are applied for both ipv4 and ipv6 traffic. Ex: port, application, action, time, etc.

Ø  Limited IPv6 support. i.e.

-           The FW rule does not allow user to specify ipv6 address.

-           Use ‘All hosts’ for the ‘Hosts’ column

-           This means all ipv4 and ipv6 addresses

-           Traffic, Packet, Security Logs can display ipv4/ipv6 addresses.

-           No support yet for IPv6 tunneling (ISATAP, Teredo, etc).

Ø  Ability to disable FW policy on Client UI

Ø  Option to disable Windows Firewall

Ø  Decoupling FW and IPS component

Ø  FW rule support “Local Subnet”

Default Symantec Endpoint Protection 12.1 RU1 Firewall Rules explanation:

 Please check the attached file: Default_FW_Rules.xls