Symantec Endpoint Protection (SEP) for Mac includes new firewall functionality, and the default firewall rules may not include rules for some common macOS network services.
macOS
SEP 14.2
The firewall feature in SEP for Mac is new and still under development. As the feature matures it will ship more complete default firewall rules for common macOS network services. In the meantime, the default rule list may need editing.
The following are suggested edits to the SEP Firewall policy under Mac Settings. (Firewall policy also has separate Windows Settings; these edits do not apply there.)
Add these rules to Mac Settings rules, just above "Block broadcast and multicast traffic and don't log" rule:
| Rule Name | Action | Host | Service |
| --- | --- | --- | --- |
| Allow AirDrop | Allow | Any | TCP [Destination* Port: 8770] Both directions |
| Allow Airport | Allow | Any | UDP [Destination* Port: 192] Both directions |
| Allow Kerberos | Allow | Any | TCP & UDP [Remote Port: 88] Both directions |
| Allow outgoing DLP | Allow | Any | TCP [Remote Port: 10443] Outgoing |
| Allow outgoing RDP | Allow | Any | TCP [Remote Port: 3283] Outgoing |
| Allow outgoing JAMF | Allow | Remote IP | TCP [Remote Port: 8443] Outgoing |
| Allow LDAP | Allow | Any | TCP [Remote Port: 389] Both directions; TCP [Remote Port: 3268] Outgoing |

*Using "destination port" allows both outgoing and incoming connections. To allow outgoing connections only, use "remote port". To allow incoming connections only, use "local port".
Edit these existing rules in Mac Settings rules (the required change is given in the last column):

| Rule Name | Action | Host | Service | Change |
| --- | --- | --- | --- | --- |
| Allow web traffic | Allow | Any | TCP & UDP [Remote Port: 80, 443] Outgoing | Remove UDP |
| Allow Local File Sharing to private IP addresses | Allow | Any | (existing services) | Add UDP [Remote Port: 138] Outgoing |
To allow other applications, for example Perforce, which uses TCP port 1666, explicitly add a rule like the one below:

| Rule Name | Action | Host | Service |
| --- | --- | --- | --- |
| Allow Perforce | Allow | Any | TCP [Remote Port: 1666] Outgoing |
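The difference between "destination", "remote" and "local" port scopes described in the footnote above, and the first-match evaluation of a rule list such as the AirDrop, Kerberos and Perforce rules, can be checked with this added Python model. It is an illustration written for this article, not Symantec code, and it assumes a simplified interpretation of those scopes: "destination" is the port the connection is addressed to on whichever side, so it matches both directions, while "remote" and "local" look at only one side.

```python
from dataclasses import dataclass
# Port scope semantics from the footnote above (assumed model, not SEP code):
#   "destination": the port the traffic is addressed to, on either side,
#                  so it matches outgoing and incoming connections
#   "remote":      the peer's port only (outgoing when paired with Outgoing)
#   "local":       this Mac's own port only (incoming connections)
@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "block"
    protos: frozenset  # e.g. frozenset({"tcp", "udp"})
    scope: str         # "destination", "remote" or "local"
    ports: frozenset
    direction: str     # "outgoing", "incoming" or "both"

@dataclass(frozen=True)
class Conn:
    proto: str
    direction: str     # "outgoing" or "incoming"
    local_port: int
    remote_port: int

def matches(rule: Rule, conn: Conn) -> bool:
    if conn.proto not in rule.protos:
        return False
    if rule.direction not in ("both", conn.direction):
        return False
    if rule.scope == "remote":
        return conn.remote_port in rule.ports
    if rule.scope == "local":
        return conn.local_port in rule.ports
    # "destination": the port being connected to, seen from either side
    dst = conn.remote_port if conn.direction == "outgoing" else conn.local_port
    return dst in rule.ports

def evaluate(rules, conn: Conn, default="block"):
    """First matching rule wins, top to bottom; otherwise the default applies."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action, rule.name
    return default, "default"

# Constructed rule list mirroring a subset of the table above
TCP, TCP_UDP = frozenset({"tcp"}), frozenset({"tcp", "udp"})
RULES = [
    Rule("Allow AirDrop", "allow", TCP, "destination", frozenset({8770}), "both"),
    Rule("Allow Kerberos", "allow", TCP_UDP, "remote", frozenset({88}), "both"),
    Rule("Allow web traffic", "allow", TCP, "remote", frozenset({80, 443}), "outgoing"),
    Rule("Allow Perforce", "allow", TCP, "remote", frozenset({1666}), "outgoing"),
]
```

Running `evaluate(RULES, Conn("tcp", "incoming", 1666, 50000))` shows that an inbound connection to port 1666 falls through to the default block, whereas the same check against port 8770 is allowed in either direction.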