How to block a range of IP addresses (subnets) using a Symantec Endpoint Protection firewall rule
Sometimes we might want to block IP address ranges using firewall rules.
For example, you might want to use specific firewall policies just for IPs from 10.0.0.1 to 10.0.0.220.
The existing default firewall policies do not allow you to add multiple IP addresses.
We just get one IP address to add.
In order to use my custom IP range in firewall rules, I need to create HOST GROUPS.
HOST GROUPS in simple terms
--------------------------------------------
A host group is a collection of DNS domain names, DNS host names, IP addresses, IP ranges, MAC addresses, or subnets that are grouped under one name so that you don't need to add IPs individually.
ADDING HOST GROUPS (Step 1)
-------------------------------------------
In the console, click Policies.
Expand Policy Components, and then click Host Groups.
Under Tasks, click Add a Host Group.
In the Host Group dialog box, type a name, and then click Add.
In the Host dialog box, in the Type drop-down list, select one of the following hosts:
IP range
Enter the information for each host type.
Click OK.
Click OK.
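To sanity-check a range before typing it into the Host dialog box, the following added example (not part of the original post and not a Symantec tool) uses Python's standard ipaddress module to expand the 10.0.0.1 to 10.0.0.220 range from this page into the equivalent subnets and to flag addresses that a Block rule on that range would also match. The function names and the must-stay-reachable list are assumptions made for illustration.

```python
import ipaddress

# The range used as the example on this page.
RANGE_START = "10.0.0.1"
RANGE_END = "10.0.0.220"

# Constructed sample: hosts that must remain reachable after the rule is applied.
MUST_STAY_REACHABLE = ["10.0.0.5", "10.0.0.221", "10.0.1.10"]


def range_to_subnets(start, end):
    """Return the minimal list of CIDR subnets that exactly covers start..end."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if first.version != last.version:
        raise ValueError("start and end must be the same IP version")
    if first > last:
        raise ValueError("start address is higher than end address")
    return list(ipaddress.summarize_address_range(first, last))


def in_range(addr, start, end):
    """True if addr falls inside the inclusive range start..end."""
    ip = ipaddress.ip_address(addr)
    return ipaddress.ip_address(start) <= ip <= ipaddress.ip_address(end)


def hosts_caught(must_stay_reachable, start, end):
    """Addresses from the keep-reachable list that the block range would match."""
    return [a for a in must_stay_reachable if in_range(a, start, end)]


if __name__ == "__main__":
    subnets = range_to_subnets(RANGE_START, RANGE_END)
    print(f"{RANGE_START} - {RANGE_END} covers "
          f"{sum(n.num_addresses for n in subnets)} addresses in {len(subnets)} subnets:")
    for net in subnets:
        print(f"  {net.network_address}  mask {net.netmask}  ({net})")
    for addr in hosts_caught(MUST_STAY_REACHABLE, RANGE_START, RANGE_END):
        print(f"WARNING: {addr} is inside the range and would be blocked")
```

The range does not line up with a single subnet, which is why the IP range host type is the simpler choice for it.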
Using Host Groups in Firewall Policy
--------------------------------------------------
Once you have created host groups:
Open the console and click Policies.
Select Firewall policy
Select rules
Create a blank rule
I named it "Block IP Range"
Double-click on the Host (by default it will be Any)
Now you will see the host group that you added in Step 1
Define host relationship
Select whether you want to define it as local/remote or as source/destination
(Source/Destination depends on the direction of traffic. In one case the local client computer might be the source, whereas in another case the remote computer might be the source.)
(Local/Remote: the local host is always the local client computer, and the remote host is always a remote computer.)
Check the host group
Click OK
Select the action as Block
Click OK
Click OK
Apply the policy
That's it; we should be good with our rule for that particular IP range.
Hope this was helpful.