Blocking a remote computer by configuring peer-to-peer authentication

You can use peer-to-peer authentication to allow a remote client computer (peer) to connect to another client computer (authenticator) within the same corporate network. The authenticator temporarily blocks inbound TCP and UDP traffic from the remote computer until the remote computer passes the Host Integrity check. You can use this enforcement technique when the remote computer is physically remote. The technique leverages advanced capabilities of the Symantec Endpoint Protection firewall to enhance access to shared files.
The Host Integrity check verifies the following characteristics of the remote computer:
  • The remote computer has Symantec Endpoint Protection installed.
  • The remote computer passed the Host Integrity check.
If the remote computer passes the Host Integrity check, the authenticator allows inbound connections from the remote computer.
If the remote computer fails the Host Integrity check, the authenticator continues to block the remote computer. You can specify how long the remote computer is blocked before it can try to connect to the authenticator again. You can also specify certain remote computers to always be allowed, even if they do not pass the Host Integrity check. If you do not enable a Host Integrity policy for the remote computer, the remote computer passes the Host Integrity check.
Peer-to-peer authentication information appears in the Network and Host Exploit Mitigation Traffic log.
Peer-to-peer authentication works in server control and mixed control, but not in client control.
To block a remote computer by configuring peer-to-peer authentication
  1. In the console, open a Firewall policy.
  2. On the Firewall policy page, click Peer-to-Peer Authentication Settings.
  3. On the Peer-to-Peer Authentication Settings page, check Enable peer-to-peer authentication.
  4. Configure each value that is listed on the page.
     For more information about these options, click Help.
  5. To allow remote computers to connect to the client computer without being authenticated, check Exclude hosts from authentication, and then click Excluded Hosts.
     The client computer allows traffic to the computers that are listed in the Host list.
  6. In the Excluded Hosts dialog box, click Add to add the remote computers that do not have to be authenticated.
  7. In the Host dialog box, define the host by IP address, IP range, or subnet, and then click OK.
  8. In the Excluded Hosts dialog box, click OK.
  9. Click OK.
  10. If you are prompted, assign the policy to a group.
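The enforcement rules described above (block inbound traffic until the peer passes Host Integrity, hold a failed peer for a configurable period before it may retry, pass a peer that has no Host Integrity policy, and skip the check for Excluded Hosts defined by IP address, IP range, or subnet) can be followed more easily with a small model. The Python below is an added example written for this page; it is not Symantec code and does not show how the Symantec Endpoint Protection firewall is implemented. The class and field names, the block timer measured in seconds, and the exclusion entry syntax (single IP, "start-end" range, or CIDR subnet) are assumptions.

```python
"""Illustrative model of peer-to-peer authentication decisions (added example,
not Symantec code). Names, the block timer semantics and the Excluded Hosts
entry syntax are assumptions made for this page."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class P2PPolicy:
    """Assumed shape of the Peer-to-Peer Authentication Settings."""
    enabled: bool = True
    block_seconds: int = 300  # retry delay after a failed check (assumed field name)
    excluded_hosts: list[str] = field(default_factory=list)  # IP, "start-end" range, or CIDR


def host_matches(entry: str, ip: ipaddress.IPv4Address) -> bool:
    """Match one Excluded Hosts entry against a peer address."""
    if "-" in entry:  # IP range, e.g. "172.16.0.1-172.16.0.20"
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return start <= ip <= end
    if "/" in entry:  # subnet, e.g. "10.0.0.0/24"
        return ip in ipaddress.ip_network(entry, strict=False)
    return ip == ipaddress.ip_address(entry)  # single address


def is_excluded(policy: P2PPolicy, peer_ip: str) -> bool:
    """True when the peer is on the Excluded Hosts list and skips the check."""
    ip = ipaddress.ip_address(peer_ip)
    return any(host_matches(e, ip) for e in policy.excluded_hosts)


@dataclass
class Authenticator:
    """The client that receives inbound TCP/UDP from a peer and enforces the check."""
    policy: P2PPolicy
    blocked_until: dict[str, float] = field(default_factory=dict)  # peer -> block expiry
    events: list[tuple] = field(default_factory=list)  # constructed audit trail

    def decide(self, peer_ip: str, now: float, sep_installed: bool,
               hi_policy_enabled: bool, hi_passed: bool) -> str:
        """Return "allow" or "block" for inbound traffic from peer_ip at time now."""
        if not self.policy.enabled or is_excluded(self.policy, peer_ip):
            verdict = "allow"  # excluded hosts skip the check entirely
        elif now < self.blocked_until.get(peer_ip, float("-inf")):
            verdict = "block"  # still inside the retry window, even if it would pass now
        elif sep_installed and (not hi_policy_enabled or hi_passed):
            self.blocked_until.pop(peer_ip, None)  # passed (or no HI policy applied)
            verdict = "allow"
        else:
            self.blocked_until[peer_ip] = now + self.policy.block_seconds
            verdict = "block"
        self.events.append((now, peer_ip, verdict))
        return verdict


def demo() -> list[str]:
    """Walk peers through a failed check, an early retry, a retry after the window,
    an excluded host without the product installed, and a peer with no HI policy."""
    policy = P2PPolicy(block_seconds=300,
                       excluded_hosts=["10.0.0.0/24", "192.168.1.10",
                                       "172.16.0.1-172.16.0.20"])
    auth = Authenticator(policy)
    return [
        auth.decide("203.0.113.5", now=0, sep_installed=True, hi_policy_enabled=True, hi_passed=False),
        auth.decide("203.0.113.5", now=100, sep_installed=True, hi_policy_enabled=True, hi_passed=True),
        auth.decide("203.0.113.5", now=300, sep_installed=True, hi_policy_enabled=True, hi_passed=True),
        auth.decide("10.0.0.77", now=0, sep_installed=False, hi_policy_enabled=True, hi_passed=False),
        auth.decide("203.0.113.9", now=0, sep_installed=True, hi_policy_enabled=False, hi_passed=False),
    ]


if __name__ == "__main__":
    print(demo())  # ['block', 'block', 'allow', 'allow', 'allow']
```

Two points the walk-through makes visible: a peer that failed stays blocked for the whole configured window even if its Host Integrity state is fixed in the meantime, and an excluded host is allowed without any check at all, so the Excluded Hosts list should be kept to the few addresses that genuinely need it.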