About Windows Firewall and Symantec Endpoint Protection's NTP

Article ID: 178129

Products

Endpoint Protection

Issue/Introduction

For added protection, should both Windows Firewall and SEP's Network Threat Protection (NTP) be used on a computer?

Resolution

Best Practice
As a best practice, run only one software firewall on a computer. Two firewalls running at the same time can drain resources, and their rules might conflict with each other, so enabling more than one firewall program is likely to result in conflicts and poor performance.

To prevent this situation, SEP's installer automatically detects Windows Firewall and disables it if it is enabled. (The exception is a custom install package that does not include NTP: if the Symantec firewall is not part of the install, an active Windows Firewall is not disabled during installation.)


Using Windows Firewall with SEP's IPS or ADC Features
It is acceptable to have both Windows Firewall and SEP's NTP component installed on one computer, so long as only one of the firewalls is enabled and acting on the network traffic. One circumstance in which customers may wish to implement such a solution is if Windows Firewall is being used for firewall protection and the IPS (Intrusion Prevention System) components of SEP are desired. (To use IDS/IPS, NTP must be installed but NTP does not need to be monitoring traffic.) This is also the case for SEP's Application and Device Control (ADC): to use ADC, NTP must be installed, though it does not need to be monitoring traffic.

In these cases, NTP's Firewall policy must be completely withdrawn so that it is in pass-through mode. To withdraw the firewall policy:

  1. In the console, click Policies.
  2. On the Policies page, under View Policies, click Firewall Policies.
  3. In the Firewall Policies pane, click the specific policy that you want to withdraw.
  4. On the Policies page, under Tasks, click Withdraw the Policy.
  5. In the Withdraw Policy dialog box, check the groups and locations from which you want to withdraw the policy.
  6. Click Withdraw.
  7. When you are prompted to confirm the withdrawal of the policy from the groups and locations, click Yes.
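
Because the SEP installer disables Windows Firewall when NTP is included, it is worth confirming on the endpoint that Windows Firewall is actually enforcing once the NTP firewall policy has been withdrawn. The following check is an added example, not Symantec code; it assumes Windows Firewall is the firewall meant to be active, and the function name is hypothetical.

```powershell
# Added example (not from the original article or from Symantec).
# Run on the endpoint after the NTP firewall policy has been withdrawn.
function Test-WindowsFirewallEnforcing {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # MpsSvc is the Windows Defender Firewall service.
    $svc = Get-Service -Name MpsSvc -ErrorAction Stop

    # ActiveStore returns the effective settings after local policy and
    # Group Policy have been merged.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

    $report = foreach ($p in $profiles) {
        [pscustomobject]@{
            Profile        = $p.Name
            Enabled        = ($p.Enabled -eq 'True')
            DefaultInbound = [string]$p.DefaultInboundAction
        }
    }

    $problems = @()
    if ($svc.Status -ne 'Running') { $problems += "MpsSvc service is $($svc.Status)" }
    foreach ($r in $report) {
        if (-not $r.Enabled) {
            $problems += "$($r.Profile) profile is disabled"
        } elseif ($r.DefaultInbound -eq 'Allow') {
            $problems += "$($r.Profile) profile allows inbound traffic by default"
        }
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Enforcing = ($problems.Count -eq 0)
        Problems  = $problems
        Profiles  = $report
    }
}

$result = Test-WindowsFirewallEnforcing
$result.Profiles | Format-Table -AutoSize
if (-not $result.Enforcing) {
    Write-Warning ("Windows Firewall is not fully enforcing: " + ($result.Problems -join '; '))
    exit 1
}
```

A non-zero exit code means the host may have no firewall acting on its traffic: NTP is in pass-through mode and Windows Firewall is off or permissive on at least one profile.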
