
Symantec Client Security 2.0 firewall issue?


hobogloves
09-25-04, 03:01 PM
Hi all,

At work we decided to implement Symantec Client Security 2.0 on all laptops (about 15 of them) so that when they go home with them, and wherever else, they are still protected (at work we have ISA Server and Norton Corporate 2004 for antivirus). So, they have antivirus protection, but we want to secure them with a firewall as well.

[The following is all done in Symantec Client Firewall Administrator] The problem has to do with port blocking. First of all, by default all ports are open and it appears as though you cannot configure it to block all ports except for what you permit. So, naturally I put a deny all statement on the bottom. I then went ahead and, above that deny statement, permitted only what we allow at work to match the policies, i.e. (to get web access functional) TCP/UDP to remote port 53, outbound TCP to remote port 80. I then try to get on the internet and the DNS name is resolved to an IP, but then it will not open google.com or whatever other website. If I change the deny all statement at the bottom to just denying outbound, web sites will open successfully. So it has to do with the blocking of incoming traffic. It looks to me like it does not pick up the TCP stream between remote port 80 and the random public port on the local workstation as routers do. So, it allows port 80 out but does not allow the client's randomly chosen port to come back in. There must be an option, or some way to fix this. Because it is so very common... and I mean, what is the point of allowing only specific ports out, but then allowing all ports in? Kind of defeats the purpose of a firewall when you allow everything to come in. Anyway, if anyone can help me out it would be greatly appreciated. Thanks in advance.
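Added example, not part of the original post and not Symantec's rule engine: a generic first-match packet filter, evaluated once without and once with connection tracking, reproduces the symptoms described above. The field names, the assumption that the port 53 rules cover both directions, and the addresses and ephemeral ports are all constructed for illustration.

```python
from collections import namedtuple

# Simplified model; field names are assumptions, not the product's schema.
Packet = namedtuple("Packet", "direction proto local_port remote_ip remote_port")
Rule = namedtuple("Rule", "action direction proto remote_port")  # None = any

def build_rules(final_direction):
    """Rule list from the post, with the closing deny applied to final_direction."""
    return [
        Rule("permit", "any", "tcp", 53),   # DNS, assumed to cover both directions
        Rule("permit", "any", "udp", 53),
        Rule("permit", "out", "tcp", 80),   # HTTP, outbound only
        Rule("deny", final_direction, None, None),
    ]

def first_match(rules, pkt):
    for r in rules:
        if (r.direction in ("any", pkt.direction)
                and r.proto in (None, pkt.proto)
                and r.remote_port in (None, pkt.remote_port)):
            return r.action
    return "permit"  # the post says all ports are open by default

def stateless(rules, packets):
    return [first_match(rules, p) for p in packets]

def stateful(rules, packets):
    flows, verdicts = set(), []
    for p in packets:
        key = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "in" and key in flows:
            verdicts.append("permit")       # reply to a flow this host opened
            continue
        action = first_match(rules, p)
        if action == "permit" and p.direction == "out":
            flows.add(key)                  # remember the permitted outbound flow
        verdicts.append(action)
    return verdicts

# Constructed traffic (documentation addresses, made-up ephemeral ports).
TRAFFIC = [
    Packet("out", "udp", 49152, "192.0.2.53", 53),     # DNS query
    Packet("in",  "udp", 49152, "192.0.2.53", 53),     # DNS reply
    Packet("out", "tcp", 49153, "198.51.100.10", 80),  # HTTP SYN
    Packet("in",  "tcp", 49153, "198.51.100.10", 80),  # HTTP SYN-ACK
    Packet("in",  "tcp", 445,   "203.0.113.7", 51000), # unsolicited inbound
]

if __name__ == "__main__":
    print("stateless, deny all:     ", stateless(build_rules("any"), TRAFFIC))
    print("stateless, deny outbound:", stateless(build_rules("out"), TRAFFIC))
    print("stateful,  deny all:     ", stateful(build_rules("any"), TRAFFIC))
```

With the closing deny limited to outbound, the stateless model lets the unsolicited inbound packet through; with connection tracking, the deny-all rule can stay in place while replies to permitted outbound flows still return.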