Endpoint Protection Firewall continues to block traffic even after a firewall rule is set up

Article ID: 217104

Updated On:

Products

Endpoint Security

Issue/Introduction

The specific ports indicated by an application have been added to a firewall rule in SEPM or SES, yet the firewall still blocks the application.

Cause

Applications often use ephemeral ports after the initial handshake is completed. If these ephemeral ports are not configured as open, the firewall blocks them.

Resolution

Add the ephemeral ports 49152-65535 as allowed in the firewall rule.

Configuration might look like this: 

Tcp: SourcePort: 5004,9000,33434, 49152-65535 DestinationPort: 5004,9000,33434, 49152-65535
Udp: SourcePort: 5004,9000,33434, 49152-65535 DestinationPort: 5004,9000,33434, 49152-65535
Tcp: LocalPort: 5004,9000,33434, 49152-65535 RemotePort: 5004,9000,33434, 49152-65535
Udp: LocalPort: 5004,9000,33434, 49152-65535 RemotePort: 5004,9000,33434, 49152-65535
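
The following is an added example, not Symantec code and not part of the original article. It parses the port lists shown above and compares which flows the rule covers before and after the ephemeral range is added. It assumes a rule matches only when both port fields match; the flows are constructed sample values.

```python
# Added example: models the port lists from this article; not Symantec code.
ORIGINAL = "5004,9000,33434"                     # ports the application documents
WITH_EPHEMERAL = "5004,9000,33434, 49152-65535"  # list from the Resolution section


def parse_ports(spec):
    """Turn '5004,9000, 49152-65535' into a list of inclusive (low, high) ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((low, high))
    return ranges


def in_ranges(port, ranges):
    return any(low <= port <= high for low, high in ranges)


def rule_allows(spec, local_port, remote_port):
    """Assumption: the rule matches only when BOTH port fields match."""
    ranges = parse_ports(spec)
    return in_ranges(local_port, ranges) and in_ranges(remote_port, ranges)


# Constructed flows (description, local port, remote port); not real log data.
FLOWS = [
    ("both ends on documented ports", 5004, 5004),
    ("client on ephemeral port to documented port", 51515, 9000),
    ("both ends on ephemeral ports after handshake", 50210, 61044),
    ("unrelated low port", 51515, 445),
]


def compare(flows=FLOWS):
    """Return {description: (allowed_before, allowed_after)}."""
    return {
        desc: (rule_allows(ORIGINAL, lp, rp), rule_allows(WITH_EPHEMERAL, lp, rp))
        for desc, lp, rp in flows
    }


if __name__ == "__main__":
    for desc, (before, after) in compare().items():
        print(f"{desc:48} before={before!s:5} after={after}")
```

With the range added, the rule also matches any flow whose two ports both fall in 49152-65535, so it is worth restricting the rule to the specific application or remote host where the policy allows it.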