Overview of Default Firewall Rules in Symantec Endpoint Protection Manager (SEPM)
Article ID: 279602
Updated On: 11-25-2024
Products
Endpoint Security
Issue/Introduction
Situations may arise where the administrator has changed or modified the default firewall rules and lost the versioning history for them. This article shares these rules as they come out-of-the-box when installing the Symantec Endpoint Protection Manager (SEPM).
Environment
Symantec Endpoint Protection Manager (sampled from version 14.3 RU8)
Cause
The administrator may have modified rules and lost the versioning history for them.
Resolution
Restoring these rules can be accomplished manually by referring to the table below, or by importing the attached ".dat" file into the Symantec Endpoint Protection Manager (SEPM) console.
| ID | Rule | Status | Protocol | Ports | Severity |
|---|---|---|---|---|---|
| 1 | Block IPv6 | Disabled | Ethernet | Protocol=0x86dd | Minor |
| 2 | Block IPv6 over IPv4 (Teredo) | Enabled | UDP | Remote=3544 | Minor |
| 3 | Block IPv6 over IPv4 (ISATAP) | Enabled | IP | 41 | Minor |
| 4 | Allow ICMPv6 | Enabled | ICMPv6 | Type=1-4,128-132,135,136,141-143,148,149,151-153 | Minor |
| 5 | Block SNMP | Disabled | - | SNMP Client, SNMP Management | Minor |
| 6 | Allow fragmented packets | Enabled | IP | fragmented packets | Minor |
| 7 | Allow wireless EAPOL | Enabled | Ethernet | Protocol=0x888e | Minor |
| 8 | Allow USB over IEEE802 | Enabled | Ethernet | Protocol=0x892e | Minor |
| 9 | Allow Local File Sharing to private IP addresses | Enabled | TCP/UDP | Local=137,138,139,445 | Minor |
| 10 | Block Local File Sharing | Enabled | TCP/UDP | Local=137,138,139,445 | Minor |
| 11 | Allow Bootp | Enabled | UDP | Local=68,67 | Minor |
| 12 | Allow UPnP Discovery from private IP addresses | Enabled | UDP | Destination=1900 | Minor |
| 13 | Block UPnP Discovery | Enabled | UDP | Local=1900 | Minor |
| 14 | Allow Web Service requests from private IP addresses | Enabled | TCP/UDP | Local=5357,5358 | Minor |
| 15 | Block Web Service requests | Enabled | TCP/UDP | Local=5357,5358 | Minor |
| 16 | Allow LLMNR from private IP addresses | Enabled | UDP | Local=5355 | Minor |
| 17 | Block LLMNR | Enabled | UDP | Local=5355 | Minor |
| 18 | Allow LLMNR from IPv6 traffic | Enabled | UDP | Local=5355 | Minor |
| 19 | Allow Web Services Discovery from private IP addresses | Enabled | UDP | Local=3702 | Minor |
| 20 | Block Web Services Discovery | Enabled | UDP | Local=3702 | Minor |
| 21 | Allow SSDP from private IP addresses | Enabled | TCP | Local=2869 | Minor |
| 22 | Block SSDP | Enabled | TCP | Local=2869 | Minor |
| 23 | Allow ping, pong, and tracert | Enabled | ICMP | Type=0; Incoming, Type=8, Type=11; Incoming | Minor |
| 24 | Allow all applications | Enabled | - | - | Minor |
| 25 | Allow VPN | Enabled | - | VPN specific | Major |
| 26 | Allow Veritas Protocol | Enabled | Ethernet | Protocol=0xcafe | Major |
| 27 | Allow IGMP traffic | Enabled | IP | 2 | Major |
| 28 | Allow Bonjour traffic | Enabled | UDP | Local=5353, Remote=5353 | Minor |
| 29 | Block broadcast and multicast traffic and don't log | Enabled | - | FF-FF-FF-FF-FF-FF, 224.0.0.0-239.255.255.255 | Information |
| 30 | Block all other IP traffic and log | Enabled | IP | - | Information |
| 31 | Block all other traffic and don't log | Enabled | - | - | Information |
Attachments
Feedback
Was this article helpful?
Yes
No
Powered by
