We have SEP 12.1 RU1 Small Business Edition and we're deploying to Windows 2008 R2 machines. It seems that SEP is disabling the native firewall. Has anyone seen this?
Specifically, The SEP Firewall policy on the management server does not have the "Enable this Firewall Policy" checkbox checked -- that is, the policy is disabled. I've pushed the client out to some of our servers and the client is modifying the native Windows firewall, Windows now shows that the native firewall is "Active", but it's also "managed by Symantec" and if you look at the list of active rules there are none. I've confirmed that the firewall is indeed not active by accessing the server on ports that should be blocked. I've also confirmed that I'm setting up the native firewall correctly by doing the same config on another server that doesn't yet have SEP and traffic gets blocked.
Has anyone configured SEP 12.1 SBE and left the native Windows firewall enabled? If so, how? And before you suggest I just enable the SEP firewall, I'd need a different policy for each server as there are different needs/services on each server so that just seems like a silly thing to do.
In Small Businees Edition, can you create a group in the SEPM with different policies? In the regular SEP this is possible and then you simply apply a policy that turns off firewall. unfortunately I have not used the SBE
OK, after several hours online w/Symantec tech support the answer is that Small Business Edition (SBE) does not support turning off the SEP firewall but leaving the Windows firewall active. SBE does have the checkbox to not enable the SEP firewall, but apparently it will still disable the Windows firewall. :-(
SBE does support building an install that is only AV/Anti-spyware, and that will leave the Windows firewall in place, but then there's no intrusion prevention. Seems that's my only option though, or upgrade to Enterprise SEP which they claim supports leaving the Windows firewall enabled while still running IPS.