Hi all,
Just looking for experienced opinion about the setting that governs whether network communications are allowed before the firewall loads and if the firewall goes offline.
Specifically, the setting is located at:
SEPM > Clients > [Select a client group, or top-level parent if full inheritance is used] > General Settings > Security Settings tab > Security Settings section
And the setting is called:
Block all traffic until the firewall starts and after the firewall stops
I enabled this once back on a SEP 11 setup and if I recall, it caused some issues with programs that loaded before SEP that would try to get on the network - I believe even mapped network drives as well - and due to being blocked initially, you'd get a bunch of errors and would have to hope those programs or functions would have error recovery and try to reconnect again. If not, you had to proceed manually, which for end-users was not acceptable so end result was not to use this feature.
I'm wondering if it's gotten any better with SEP 12.1? Does the firewall load sooner? Is there documentation on exactly when it enters the boot sequence? (Varies by OS of course).
Also on a related note, are there any ways to enter exceptions into the blocked network traffic that results from this blanket policy? I know it lets NETBIOS and DHCP traffic through (which may answer my initial question above perhaps). For example, since I remote into systems to do work, if I had to disable NTP for troubleshooting, I would get disconnected, I imagine.
Thanks.