Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Nortons firewall issue

Posted on 2014-08-31
5
Medium Priority
?
242 Views
Last Modified: 2014-09-30
Hi all - I'm experiencing a strange issue with Symantec's Nortons Intenet Security in that an application that I've created both .exe and TCP/UDP port allowance rules for is still being blocked.

But it's only blocked on first run/instance after connecting to a VPN.

If the Smart Firewall is disabled (for 15 mins or however long), then the application being blocked is opened, it will connect and work fine.  I can enable the firewall and it still works fine.
I can exit the application and run it again and it STILL works fine while the firewall is on.

It only seems to be after the computer connects to the VPN for the first time each day that Nortons' Smart Firewall needs to be temporarily disabled.

Any suggestions on how I might fix it?
0
Comment
Question by:Reece Dodds
5 Comments
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40296760
Is there any updates for the firewall? It could be a bug!
0
 
LVL 88

Expert Comment

by:rindi
ID: 40296994
Of course Symantec/Norton is a bug. If this is a private PC, remove that crap and install a good AV utility. Panda free antivirus is the best I can recommend. The Windows built-in firewall is more than adequate, so you don't need any 3rd party firewall.

If it is a company PC and it isn't your decision on what AV utility you can install, at least disable the norton firewall and just use the Windows built-in one.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1500 total points
ID: 40297746
There is somehow similar symptom seen..
http://community.norton.com/t5/Norton-Internet-Security-Norton/Firewall-monitor-rule-effects/td-p/1058267
If you are using NIS v. 21.1.0.18 (not NIS v. 20.x) and have the Smart Fiirewall setting for Advanced Events Monitoring turned ON (Settings | Network | Smart Firewall | Advanced Settings | Configure | Automatic Program Control | Configure | Advanced Events Monitoring), please see slee2's thread here.  There appears to be a bug in the NIS v. 21.x firewall, and the only solution I've seen so far is to either turn OFF the Advanced Events Monitoring or downgrade back to NIS 20.x as instructed here.

may want to turn on monitoring to see how the FW is acting based on ruleset on the application traffic interested. By default in "Automatic Program Control" Norton take decisions when a program receives inbound or outbound traffic - we can turn off and turn on Advanced Events Monitoring. Note that this will prompt with numerous firewall alerts.
https://support.norton.com/sp/en/us/home/current/solutions/v19134741_N360_Security_CC_2014_en_us
When you allow the event, the event details appear under the relevant category that is available in Advanced Events Monitoring. The application that triggers the allowed event is added to the trusted list of its corresponding category in Advanced Events Monitoring. You can remove the application from the list. In this case, firewall alert appears when the application triggers the event next time.

Maybe above may help to isolate the issue since configurations does not seems to work seamless and as expected (like happened almost with VPN on). Probably has to try other machine as well or re-install the appl if required.
0
 
LVL 7

Accepted Solution

by:
Reece Dodds earned 0 total points
ID: 40345364
I tried the suggestions above with no luck.
I ended up creating a traffic rule that allowed ALL traffic TO and FROM the external IP address of the VPN server and also the IP range of the VPN network when connected.
This appears to have fixed the problem.

Thanks for your help though.
0
 
LVL 7

Author Closing Comment

by:Reece Dodds
ID: 40351780
resolved by creating a blanket rule for all traffic regardless of application and packet type for the IP addresses associated with the VPN.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Resolve DNS query failed errors for Exchange
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question