Configure and manage Symantec Endpoint Security (SES) firewall.
Together with the intrusion prevention system (IPS), the firewall is the first layer of defense against malicious attacks. The Endpoint Security firewall uses a rules-based firewall engine to analyze all incoming traffic and outgoing traffic and offers IPS browser protection to block such threats before they can be executed on the computer.
How the firewall works
Network attacks exploit weaknesses in vulnerable applications. Attackers use these weaknesses to send the packets that contain malicious programming code to ports. When vulnerable applications listen to the ports, the malicious code lets the attackers gain access to the computer.
A firewall does all of the following tasks:
The firewall reviews the packets of data that travel across the Internet. A packet is a discrete unit of data that is part of the information flow between two computers. Packets are reassembled at their destination to appear as an unbroken data stream.
Packets include information about the data such as the following:
The firewall uses rules to control how the client protects the client device from malicious inbound and outbound traffic. The firewall automatically checks all the inbound and the outbound packets against these rules. The firewall then allows or blocks the packets based on the information that is specified in rules. When a device tries to connect to another device, the firewall compares the type of connection with its list of firewall rules. The firewall also uses stateful inspection of all network traffic.
Firewall settings are preconfigured rules each with its own unique requirements for network communication. Each setting allows or restricts communication as appropriate.
All firewall and intrusion prevention elements are processed in the following order:
The cloud console includes a default Firewall policy that can be applied to each group.In most cases the settings does not need to be changed. However, if troubleshooting the client s required, the settings can be enabled or disabled to fine-tune the client device's protection.
Symantec Endpoint Security automatically disables the Windows Defender Firewall. If Windows Defender Firewall needs to be used instead of the Endpoint Security firewall, turn Windows Defender back on in the Firewall policy.