Intermittent or no proxy connection between Symantec Endpoint Protection Manager and clients, even though they are correctly configured


Article ID: 157920


Products

Endpoint Protection

Issue/Introduction

After upgrading to Symantec Endpoint Protection (SEP) 12.1.2, Symantec Endpoint Protection clients do not communicate with Symantec Endpoint Protection Manager (SEPM) through the intranet proxy, even though the clients have the correct proxy information. Clients may also connect but then appear and disappear in the Symantec Endpoint Protection Manager.

No error codes are generated.

Cause

The proxy order of usage is not processed as expected.

Resolution

This issue is resolved in Symantec Endpoint Protection 12.1.3 (12.1 RU3), which changes the proxy order of usage.

Previous order (12.1.2):

  1. System proxy settings
  2. User proxy settings
  3. Direct connection

New order (12.1.3):

  1. Direct connection
  2. System proxy settings
  3. User proxy settings

After you upgrade to Symantec Endpoint Protection 12.1.3, you can then block the direct connection between Symantec Endpoint Protection Manager and the Symantec Endpoint Protection client. To do this, use a Windows Firewall Inbound Rule on the Symantec Endpoint Protection Manager server.

Note: If you are using the Symantec Endpoint Protection client firewall on your Symantec Endpoint Protection Manager server, do these steps first:

  1. Open a firewall policy that applies only to the Symantec Endpoint Protection Manager server's Symantec Endpoint Protection client. You may need to place the Symantec Endpoint Protection Manager server in its own group, with its own firewall policy, for this purpose.
     
  2. Click Windows Integration, select No Action from the drop-down menu, and then click OK.

Once the client on the Symantec Endpoint Protection Manager receives and applies this policy, you can perform the following procedure to create an inbound rule with Windows Firewall.

To block the direct connection using Windows Firewall:

  1. On the SEPM server, enable the Windows Firewall if it is not already enabled.
    Start > Control Panel > System and Security > Check firewall status > Turn Windows Firewall on or off > Turn on Windows Firewall. Click OK.
     
  2. From the Windows Firewall control panel, click Advanced Settings.
     
  3. Click Inbound Rules, and then under Actions, click New Rule....
     
  4. In the Rule Type pane, click Custom, and then click Next.
     
  5. In the Program pane, click All Programs, and then click Next.
     
  6. In the Protocols and Ports pane, make the following selections, and then click Next:
    1. For Protocol type, select TCP.
    2. For Local port, leave at the default.
    3. For Remote port, select Specific ports, and in the box below, enter 8014. If you used an alternate communication port number, enter that, instead.
       
  7. On the Scope pane, under Which remote IP Address does this rule apply to?, select the client IP addresses to which this rule applies. When you select These IP addresses, you can click Add to enter an IP address or subnet, an address range, or a predefined set of computers. Click Next.
     
  8. In the Action pane, click Block the connection, and then click Next.
     
  9. In the Profile pane, ensure the Domain, Private and Public boxes are checked. Click Next.
     
  10. Name the rule "Block inbound connections from clients to Symantec Endpoint Protection Manager", and then click Finish.
    By default this action enables this Windows Firewall policy.
     
  11. Restart the Windows Firewall service.
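
A scripted equivalent of steps 1 through 10, as an added example that is not part of the original article. It assumes Windows Server 2012 or later (the NetSecurity PowerShell module), an elevated session on the SEPM server, and that the Windows Integration note above has already been applied; the `192.0.2.0/24` scope is a placeholder for your own client subnets.

```powershell
# Added example, not from the original article.
# Run in an elevated PowerShell session on the SEPM server.

# Rule name from step 10.
$RuleName   = 'Block inbound connections from clients to Symantec Endpoint Protection Manager'
# Step 6: 8014, or your alternate communication port if you changed it.
$SepmPort   = 8014
# Step 7: PLACEHOLDER scope (documentation range). Replace with your client subnets.
$ClientNets = @('192.0.2.0/24')

# Step 1: turn Windows Firewall on for all three profiles.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True

# Remove any earlier copy of the rule so reruns do not create duplicates.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Steps 3-10: custom inbound block rule.
# Program and local port are not specified, so they stay at "all programs"
# and "all ports" (steps 5 and 6.2).
# -RemotePort mirrors step 6.3 of the article; on an inbound rule this field
# matches the port on the connecting computer's side of the connection.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound `
    -Protocol TCP `
    -RemotePort $SepmPort `
    -RemoteAddress $ClientNets `
    -Action Block `
    -Profile Domain,Private,Public `
    -Enabled True | Out-Null

# Read the rule back so the stored values can be compared with the procedure.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Profile       = $rule.Profile
    Protocol      = $port.Protocol
    LocalPort     = $port.LocalPort
    RemotePort    = $port.RemotePort
    RemoteAddress = $addr.RemoteAddress -join ', '
} | Format-List

# Step 11 (restart the Windows Firewall service) is left as a manual step.
```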
     

 


Applies To

Symantec Endpoint Protection 12.1.2 and 12.1.2.1