Network Threat Protection of SEP 12.1 does not pass UDP traffic on port 39999 correctly.

book

Article ID: 158919

calendar_today

Updated On:

Products

Endpoint Protection Network Access Control

Issue/Introduction

Communication between the Symantec Endpoint Protection (SEP) Clients and the Symantec Network Access Control (SNAC) Enforcer is using UDP traffic on port 39999. Clients are not authenticated by SNAC Enforcer.

Cause

Network Threat Protection of SEP 12.1 does not pass UDP traffic on port 39999 correctly if it includes a firewall rule to block all traffic.

Resolution

The issue has been resolved in SEP 12.1 RU5 and higher.
Download the latest version of Symantec Endpoint Protection:
https://support.symantec.com/en_US/article.tech103088.html

Workarounds for SEP 12.1 pre-RU5:

  • Create a new rule to allow 39999 UDP incoming and outgoing traffic and move it above the rule of blocking all traffic.
  • Create a new rule to allow the traffic of SNAC.EXE and SNAC64.EXE and move it above the rule of blocking all traffic.