Managing the Symantec Endpoint Security

Together with the intrusion prevention system (IPS), the firewall is the first layer of defense against malicious attacks. The Endpoint Security firewall uses a rules-based firewall engine to analyze all incoming traffic and outgoing traffic and offers IPS browser protection to block such threats before they can be executed on the computer.

How the firewall works
Network attacks exploit weaknesses in vulnerable applications. Attackers use these weaknesses to send packets that contain malicious code to ports. When a vulnerable application listens on those ports, the malicious code lets the attackers gain access to the computer.
A firewall does all of the following tasks:
  • Prevents any unauthorized users from accessing the computers and networks in your organization that connect to the Internet
  • Monitors the communication between your computers and other computers on the Internet
  • Creates a shield that allows or blocks attempts to access the information on your computer
  • Warns you of connection attempts from other computers
  • Warns you of connection attempts by the applications on your computer that connect to other computers
The firewall reviews the packets of data that travel across the Internet. A packet is a discrete unit of data that is part of the information flow between two computers. Packets are reassembled at their destination to appear as an unbroken data stream.
Packets include information about the data such as the following:
  • The originating computer
  • The intended recipient or recipients
  • How the packet data is processed
  • Ports that receive the packets
How do firewall rules and settings work?
The firewall uses rules to control how the client protects the client device from malicious inbound and outbound traffic. The firewall automatically checks all the inbound and the outbound packets against these rules. The firewall then allows or blocks the packets based on the information that is specified in rules. When a device tries to connect to another device, the firewall compares the type of connection with its list of firewall rules. The firewall also uses stateful inspection of all network traffic.
Firewall settings are preconfigured rules, each with its own requirements for network communication. Each setting allows or restricts communication as appropriate.
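The following sketch is an added example, not Symantec's engine or rule schema: it models checking packets against a rule list with a state table, so that replies to an allowed outbound connection pass while unsolicited inbound packets are blocked. The `Rule` fields, first-match ordering, and block-by-default behavior are assumptions made for illustration, and the addresses are constructed samples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str              # "in" or "out", relative to the protected device
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    def flow_key(self):         # same key for both directions of one conversation
        ends = ((self.dst, self.dport), (self.src, self.sport))
        local, remote = ends if self.direction == "in" else ends[::-1]
        return (self.proto, local, remote)

@dataclass(frozen=True)
class Rule:                     # hypothetical rule shape, not the product's schema
    action: str                 # "allow" or "block"
    direction: str              # "in", "out" or "any"
    proto: str                  # "tcp", "udp" or "any"
    remote_port: "int | None" = None    # None matches any remote port
    def matches(self, p: Packet) -> bool:
        remote = p.sport if p.direction == "in" else p.dport
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and self.remote_port in (None, remote))

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()      # state table: conversations already allowed
    def decide(self, p: Packet) -> str:
        key = p.flow_key()
        if key in self.flows:   # stateful inspection: part of an allowed flow
            return "allow"
        for rule in self.rules: # assumption: first matching rule wins
            if rule.matches(p):
                if rule.action == "allow":
                    self.flows.add(key)
                return rule.action
        return "block"          # assumption: no matching rule means block

def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = Firewall([Rule("allow", "out", "tcp", 443), Rule("block", "in", "any")])
    pkts = [Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443),
            Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000),
            Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 51000)]
    return [fw.decide(p) for p in pkts]
```

The model tracks only the address and port tuple; it does not follow TCP flags or expire idle flows.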
How the firewall processes firewall rules and settings
All firewall and intrusion prevention elements are processed in the following order:
Modifying the firewall rules and settings
The cloud console includes a default Firewall policy that you apply to each group. In most cases you do not have to change the settings. However, if you need to troubleshoot the client, you can enable or disable some of the settings to fine-tune the client device's protection.
To modify the firewall rules or settings
  1. Go to Firewall policy Default Firewall policy
  2. Under General Settings, make sure is turned on.
  3. Do any one of the following tasks:
    • To enable a setting on the client that the user can configure, under User Interaction Settings, turn on the setting.
    • To find which applications are allowed or blocked, go to the page > tab > Threat Protection view > Firewall KPI
Viewing firewall events and reports
To view the firewall events
  1. On the tab, go to the Alerts and Events Security Events
  2. Under , select
To view the firewall report
  1. On the tab, go to the Reports and Templates
  2. On the Generated Reports tab, select Firewall Report
Enabling the Windows Defender Firewall
Symantec Endpoint Security automatically disables the Windows Defender Firewall. If you need to use the Windows Defender Firewall instead of the Endpoint Security firewall, you can turn Windows Defender back on in the Firewall policy.