Group Policy assignment adding a group sometimes causes the firewall to block all traffic
Article ID: 379098
Updated On:
Products
Issue/Introduction
When you add a Group to a firewall policy using the Group Policy assignment, sometimes it causes all systems assigned to that firewall policy to block all traffic.
Computers are unable to connect to the internet.
The firewall rule then shows up with the HOST TYPE dotted out, as such:
Environment
Symantec Endpoint Security / Complete
Cause
This is a known defect.
When a user adds the same HostGroup twice in the firewall policy rule with the HostType specified as SOURCE and DESTINATION or LOCAL and REMOTE, saves the policy, and later updates the same HostGroup from the policy components tab. This policy component update is incorrectly setting the HostType as blank for all hosts. As a result, when the HostType in the Firewall policy rule is blank, all traffic on the endpoint will be blocked, therefore, the endpoint will not be able to connect to the Internet.
Resolution
This issue is fixed in the beginning of October 2024 refresh for ICDm / SESC.
Previous instances of those rules that are broken need to be fixed, by removing and adding back the target groups (recreating the policy will also fix it).
Feedback
