Log activity of inherent block_all rule in Endpoint Protection firewall policy log
search cancel

Log activity of inherent block_all rule in Endpoint Protection firewall policy log

book

Article ID: 165269

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

  • Need to know if Symantec Endpoint Protection (SEP) Firewall policy blocks all traffic that does not match firewall rule criteria
  • Need to know if  inherent block_all rule logs activity

Environment

SEP 12.1 or later

Resolution

  • There is an inherent block_all rule in effect in the SEP firewall policy, and the activity is not logged.  
  • This is confirmed with the warning dialog that is presented when attempting to delete all firewall rules from a policy.