App-ID Mismatch for symantec-endpoint-manager

L1 Bithead

Is there any experience with 'symantec-endpoint-manager' over tcp/8014 being mis-identified as web-browsing?

We have a 5260 firewall in a datacenter environment, with hosts that need to access a Symantec-Endpoint-Server for AV updates. Clients access the server on port tcp/8014. That port is associated with app-id 'symantec-endpoint-manager' per the app-id, with SSL and web-browsing dependencies. A policy rule was created for the client-to-server communication with the three app-ids using the 'application default' ports.

When the clients attempt to access the server, they are blocked by the inter-zone rule, with tcp/8014 identified as 'web browsing'. At this point an application override has been created allowing tcp/8014; ideally, we'd like to use the built-in rule to permit the traffic through.

Any input that can be provided by the community would be appreciated.


Accepted Solutions
L2 Linker

If there is an application default configured as a service on the Security Policy that allows symantec-endpoint-manager traffic, the Palo Alto firewall will deny web browsing traffic on destination port 8014.

There are two possible resolutions:

1- Allow any service in the Security Policy.

2- Allow web browsing traffic on destination port 8014.

For more details, kindly see the URL below:

https://live.paloaltonetworks.com/t5/Management-Articles/Symantec-Endpoint-Protection-Manager-SEPM-U...

Fawaz El-Diasti
PCNSE 7, ACE PAN-OS 6.1, 7.0, 8.0

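To make the accepted answer concrete, below is an added Python model of first-match security-rule evaluation when the service column is 'application-default', 'any', or a custom service object. It is an illustration written for this thread, not PAN-OS code and not from Palo Alto Networks. Only tcp/8014 for symantec-endpoint-manager comes from the thread; the default ports assumed for ssl and web-browsing, the rule names, and the extra tcp/9000 session are constructed for the example. It goes slightly beyond the thread by also showing why the second resolution (a dedicated tcp/8014 service) is narrower than the first ('any').

```python
"""Toy model of Palo Alto security-rule matching when the service column is
'application-default', 'any', or a custom service object.

Added illustration for this thread, not PAN-OS code and not from Palo Alto
Networks. Only tcp/8014 for symantec-endpoint-manager comes from the thread;
every other port, rule name and session below is an assumption constructed
for the example."""
from dataclasses import dataclass

# Assumed App-ID default-port table (constructed; see module docstring).
APP_DEFAULT_PORTS = {
    "symantec-endpoint-manager": frozenset({("tcp", 8014)}),
    "ssl": frozenset({("tcp", 443)}),
    "web-browsing": frozenset({("tcp", 80)}),
}

APPLICATION_DEFAULT = "application-default"
ANY = "any"


@dataclass(frozen=True)
class Session:
    app: str      # App-ID the firewall finally assigned to the session
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    applications: frozenset
    service: object   # APPLICATION_DEFAULT, ANY, or a frozenset of (proto, port)
    action: str = "allow"


def service_matches(rule: Rule, session: Session) -> bool:
    """Service-column check. With application-default the port must be one
    of the *identified* app's own defaults, so web-browsing on 8014 fails."""
    key = (session.proto, session.dport)
    if rule.service == ANY:
        return True
    if rule.service == APPLICATION_DEFAULT:
        return key in APP_DEFAULT_PORTS.get(session.app, frozenset())
    return key in rule.service


def evaluate(rules, session: Session):
    """First-match lookup; falls through to the interzone default deny."""
    for rule in rules:
        if session.app not in rule.applications and ANY not in rule.applications:
            continue
        if not service_matches(rule, session):
            continue
        return rule.name, rule.action
    return "interzone-default", "deny"


SEPM_APPS = frozenset({"symantec-endpoint-manager", "ssl", "web-browsing"})

# 1. The rule as described in the question: three apps, application-default.
RULES_AS_POSTED = [Rule("allow-sepm", SEPM_APPS, APPLICATION_DEFAULT)]

# 2. Resolution 1 from the accepted answer: service 'any'.
RULES_ANY_SERVICE = [Rule("allow-sepm", SEPM_APPS, ANY)]

# 3. Resolution 2: keep the original rule and add a narrow rule for
#    web-browsing on a custom tcp/8014 service object (assumed name).
TCP_8014 = frozenset({("tcp", 8014)})
RULES_CUSTOM_SERVICE = [
    Rule("allow-sepm", SEPM_APPS, APPLICATION_DEFAULT),
    Rule("allow-web-8014", frozenset({"web-browsing"}), TCP_8014),
]

WEB_ON_8014 = Session("web-browsing", "tcp", 8014)           # what the poster saw
SEPM_ON_8014 = Session("symantec-endpoint-manager", "tcp", 8014)
WEB_ON_9000 = Session("web-browsing", "tcp", 9000)           # constructed, unrelated port


def compare_resolutions():
    """Action taken for each session under each rule set, keyed by scenario."""
    rulesets = {
        "as-posted": RULES_AS_POSTED,
        "service-any": RULES_ANY_SERVICE,
        "custom-8014": RULES_CUSTOM_SERVICE,
    }
    sessions = {"web/8014": WEB_ON_8014, "sepm/8014": SEPM_ON_8014, "web/9000": WEB_ON_9000}
    return {
        name: {label: evaluate(rules, s)[1] for label, s in sessions.items()}
        for name, rules in rulesets.items()
    }


if __name__ == "__main__":
    for scenario, result in compare_resolutions().items():
        print(f"{scenario:12s} {result}")
```

Running it shows the thread's symptom (web-browsing on 8014 hits the interzone default deny under the as-posted rule) and the difference between the two fixes: with service 'any' the same rule also allows web-browsing on an unrelated port, whereas a dedicated tcp/8014 service keeps that port denied. The PAN-OS equivalent of the second fix is a Service object for tcp/8014 referenced by a rule that allows web-browsing; the object and rule names here are assumptions.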


All Replies
L2 Linker

Hi chrislss,

Which version of PAN-OS are you using on the PA-5260 firewall?

Fawaz El-Diasti
PCNSE 7, ACE PAN-OS 6.1, 7.0, 8.0
L1 Bithead

The latest release, 8.0.5, is being used.  App/Threat update release is 745-4296 (10/24/17).


L1 Bithead

Thank you! I have to say I don't like the solution, but that definitely explains the issue. Appreciate the reference.

Chris
