App-ID Mismatch for symantec-endpoint-manager


L1 Bithead

Is there any experience with 'symantec-endpoint-manager' over tcp/8014 being mis-identified as web-browsing?

 

We have a 5260 firewall in a datacenter environment, with hosts that need to access a Symantec-Endpoint-Server for AV updates. Clients access the server on port tcp/8014. That port is associated with app-id 'symantec-endpoint-manager' per the app-id with SSL and web-browsing dependencies. A policy rule was created for the client to server communication with the three app-ids using the 'application default' ports.

When the clients attempt to access the server, they are blocked by the inter-zone rule, with tcp/8014 identified as 'web browsing'. At this point an application override has been created allowing tcp/8014; ideally we'd like to use the built-in rule to permit the traffic through.

 

Any input that can be provided by the community would be appreciated.

Accepted Solutions

If there is an application default configured as a service on the Security Policy that allows symantec-endpoint-manager traffic, the Palo Alto firewall will deny web browsing traffic on destination port 8014.

 

There are two possible resolutions:

1- Allow any service in the Security Policy.

2- Allow web browsing traffic on destination port 8014.

 

For more details, kindly see the URL below:

https://live.paloaltonetworks.com/t5/Management-Articles/Symantec-Endpoint-Protection-Manager-SEPM-U...

Fawaz El-Diasti
PCNSE 7, ACE PAN-OS 6.1, 7.0, 8.0
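
The behaviour described in the accepted solution, as an added example that is not part of the original thread and is not PAN-OS code: a simplified Python model of how the service setting of a rule interacts with the App-ID verdict. It assumes the standard default ports tcp/80 for web-browsing and tcp/443 for ssl, takes tcp/8014 for symantec-endpoint-manager from the thread, and uses hypothetical rule names.

```python
# Simplified model of security-rule matching on application + service.
# Illustration only; rule names and structure are hypothetical.
DEFAULT_PORTS = {
    "symantec-endpoint-manager": {8014},  # from the thread
    "web-browsing": {80},                 # assumed standard default
    "ssl": {443},                         # assumed standard default
}
APPS = set(DEFAULT_PORTS)

def rule_allows(rule, app, port):
    """True if the rule permits a session classified as `app` on tcp/`port`."""
    if app not in rule["applications"]:
        return False
    service = rule["service"]
    if service == "application-default":
        # Each application is matched only on its OWN default ports,
        # not on the default ports of the other applications in the rule.
        return port in DEFAULT_PORTS[app]
    if service == "any":
        return True
    return port in service  # explicit set of TCP ports

def verdict(rule, app, port):
    # Sessions the allow rule does not match fall through to a later
    # deny (the inter-zone rule in the thread).
    return "allow" if rule_allows(rule, app, port) else "deny"

def allowed_port_count(rule, app):
    """Number of TCP ports on which `app` is permitted by the rule."""
    return sum(rule_allows(rule, app, p) for p in range(1, 65536))

ORIGINAL = {"applications": APPS, "service": "application-default"}
RESOLUTION_1 = {"applications": APPS, "service": "any"}   # any service
RESOLUTION_2 = {"applications": APPS, "service": {8014}}  # tcp/8014 only

if __name__ == "__main__":
    rules = [("original", ORIGINAL), ("resolution 1", RESOLUTION_1),
             ("resolution 2", RESOLUTION_2)]
    for name, rule in rules:
        print(f"{name:13} web-browsing on tcp/8014: "
              f"{verdict(rule, 'web-browsing', 8014):5}  "
              f"ports open to web-browsing: "
              f"{allowed_port_count(rule, 'web-browsing')}")
```

In this model both resolutions let the client traffic through, but resolution 1 permits web-browsing on every TCP port toward the server, while resolution 2 permits it on tcp/8014 only.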

4 REPLIES

L2 Linker

Hi chrislss,

 

Which version of PAN-OS are you using on the PA 5260 firewall?

Fawaz El-Diasti
PCNSE 7, ACE PAN-OS 6.1, 7.0, 8.0

The latest release, 8.0.5, is being used.  App/Threat update release is 745-4296 (10/24/17).

Thank you! I have to say I don't like the solution, but that definitely explains the issue. Appreciate the reference.

 

Chris
