The current SEP firewall component has the ability to permit/deny directional network traffic; however, the timeout on the stateful table is set to 5 minutes, which is FAR too low. This connection table timeout needs to be raised to hours, not minutes, or custom configurable. Further: the stateful table should not rely on entering specific applications in the firewall rule in order to work: nearly all firewall products, including Windows integrated firewall, are capable of allowing outbound connections and maintaining their stateful connection tables.