12.0
Table Of Contents
- Implementation Guide for Symantec™ Endpoint Protection Small Business Edition
- Technical Support
- Contents
- 1. Introducing Symantec Endpoint Protection Small Business Edition
- About Symantec Endpoint Protection Small Business Edition
- About the types of protection
- Single console management
- How you are protected out-of-the-box
- Key features of Symantec Endpoint Protection Small Business Edition
- Components of Symantec Endpoint Protection Small Business Edition
- Where to get more information about Symantec Endpoint Protection Small Business Edition
- 2. Planning the installation
- 3. Installing Symantec Protection Center
- 4. Preparing for client installation
- 5. Installing the Symantec Endpoint Protection Small Business Edition client
- 6. Migrating to Symantec Endpoint Protection Small Business Edition
- 7. Starting the Symantec Protection Center console
- 8. Monitoring endpoint protection
- About monitoring endpoint protection
- Viewing the Daily Status Report
- Viewing the Weekly Status Report
- Viewing system protection
- Viewing virus and risk activity
- Viewing client inventory
- Finding unscanned computers
- Finding offline computers
- Viewing risks
- Viewing attack targets and sources
- About events and event logs
- 9. Managing security policies and computer groups
- 10. Managing content updates from LiveUpdate
- 11. Managing notifications
- 12. Managing product licenses
- 13. Managing protection scans
- About managing protection scans
- How protection scans work
- About the default protection scan settings
- Enabling File System Auto-Protect
- Scheduling an administrator-defined scan
- Scanning computers
- Updating virus definitions on computers
- About managing quarantined files
- Enabling or disabling TruScan proactive threat scans
- About adjusting the protection scans
- About exceptions
- 14. Managing firewall protection
- 15. Managing intrusion prevention protection
- 16. Managing administrator accounts
- 17. Managing disaster recovery
- A. Maintaining and troubleshooting Symantec Endpoint Protection Small Business Edition
- Restarting client computers
- Finding managed computers
- Converting an unmanaged computer
- Finding the server host name and IP address
- Modifying email server settings
- Modifying the server installation settings
- Investigating client problems
- Troubleshooting Symantec Protection Center communication problems
- Troubleshooting content update problems
- Providing information for Symantec Support
- B. Managing mobile clients and remote clients
- Index
When a computer attempts to connect to another computer, the firewall compares
the connection type with the firewall rules. The firewall automatically checks all
the inbound traffic packets and outbound traffic packets against the rules. The
firewall allows or blocks the packets according to the rules.
Firewall rules are processed sequentially, from highest to lowest priority (from
top to bottom in the rules list). If the first rule does not specify how to handle a
packet, the firewall inspects the second rule. This process continues until the
firewall finds a match. When the firewall finds a match, it takes the action that
is specified in the rule. Subsequent lower priority rules are not inspected.
You can order rules according to exclusivity. The most restrictive rules are
evaluated first, and the most general rules are evaluated last. For example, you
should place the rules that block traffic near the top of the rules list. The rules
that are lower in the list might allow the traffic.
You can use triggers such as applications, hosts, and protocols to define complex
rules. For example, a rule can identify a protocol in relation to a destination
address. When the firewall evaluates the rule, all the triggers must be true for a
positive match to occur. If any trigger is false for the current packet, the firewall
does not apply the rule.
You can enable and disable firewall rules. The firewall does not inspect disabled
rules.
Table 14-2 lists the rule parameters that describe the conditions in which a network
connection is allowed or blocked.
Table 14-2
Firewall rule parameters
DescriptionParameter
The name of the firewall rule.Name
This parameter specifies what actions the firewall takes when it
successfully matches a rule.
The actions are as follows:
■ Allow
The firewall allows the network connection.
■ Block
The firewall blocks the network connection.
Action
Managing firewall protection
How the firewall works
130