To ensure that users cannot inadvertently block a custom internal application, the Symantec
Endpoint Protection (SEP) administrator should create an Allow Firewall rule for the application and
place it at the bottom of the firewall rules, above the blue line.
Explanation of Firewall Rule Placement:
Placing the allow rule above the blue line ensures it remains prioritized in SEP’s firewall policy,
meaning that user-created rules cannot override it.
This setup guarantees that the internal application is allowed through the firewall without
disruption, while users can still create other firewall rules without affecting this critical application.
Why Other Options Are Less Effective:
Placing the rule below the blue line (Option A) would allow user-created rules to override it.
Creating an Allow All rule (Option C) could inadvertently allow other unnecessary traffic, which is a
security risk.
Setting a rule based on network adapter type (Option D) does not guarantee that it will cover all
instances of the custom application.
Reference: In SEP firewall configurations, placing critical allow rules above the blue line protects
essential applications from being unintentionally blocked.
