Hello,
I have a client running SBS 2003, and Symantec Endpoint Protection Version 11.

I have figured out how to block certain websites with Symantec. Is it possible to block by groups? Or somehow allow some users to access a site that others are blocked from?

I've also been asked if it's possible to somehow log/monitor which sites users are visiting. Not attempts to visit blocked sites, but see which sites are being accessed. Does this software provide this capability?

Thanks,
Amber
 

I have figured out how to block certain websites with Symantec. Is it possible to block by groups? Or somehow allow some users to access a site that others are blocked from?
If you set the firewall rules, that can be selected to group you intend to. Move the users to the groups based on rules.


I've also been asked if it's possible to somehow log/monitor which sites users are visiting. Not attempts to visit blocked sites, but see which sites are being accessed. Does this software provide this capability?
No, it does not have this feature to view the sites visited.

Thanks,

I haven't been able to find any instructions on how to do this.

This link in your post just leads to general help.

By groups, do you mean Active Directory groups?

I have a group I've created in AD, and I can 'add a group' in Symantec, where my rule lives, but am not sure how to make the rule work with the group...

Thanks!

Amber

You can block a site using IPS

to block in groups you need to create a host group more info here

 

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

http://service1.symantec.com/support/ent-security.nsf/docid/2009012915443648

 

How can I add a large number of hosts to a Host Group in Symantec Endpoint Protection Manager (SEPM)?

http://www.symantec.com/business/support/index?page=content&id=TECH91252&locale=en_US

Dear Ambar/Pete,

 

Yes, you can block certain web sites for Group & with in that group you can allow some users to vist web site.

Yes, you can create a fire wall rule for that group & mention which web site you want to black for that group.

You have to create one more firewall rule & in that you have to mention Ip address for that user to allow web sites.

Regaring Log, you can create a rule to log traffice & packet for web sites for that grup & then you can view that log.

I have done & it'sworking .

 

Thanks

Shri !!

 

Hi all,

This thread is now included in the Security Solutions Contest!  Simply do your best to solve this thread, or the others included in the contest and you could be crowned "king for the week" and win a weekly prize.  Check out the details here:

https://www-secure.symantec.com/connect/blogs/security-solutions-contest-be-king-week

 

Best,

Eric

Check these links

https://www-secure.symantec.com/connect/forums/can-i-know-which-websites-are-visited-user-sepm

 

https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

 

Hello,I created a article about it.

https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

Best Regards.

Fatih

Refer this video .

Allow and Block websites using Symantec Endpoint Protection Firewall

It will show you how to allow/block the sites using SEP.Remember that if you want to use this feature in all the clients which the website to be block should have Network Threat Protection Installed

In SEPM we can apply the policy in Group Level only.If you want to allow some user to see these websites and to other to block,create two groups.For first group assign the policy which will not block the sites and for the second create a block policy and assign.Move the users/computers to the first group who should use these sites and move the other users to second group who should not use these sites.

 

SEPM/SEP do not having the capability of tracking the sites visited.  

Just to make sure Enable Write Logs on Taffic Log

goto

policy>firewall>Add a Firewall Policy> rules >Add Blank Rule > in Application add iexporer and other internet Browser >host add websites >Action block> Logging write to Traffic log

  

This is what is suggested in the link i've posted above

https://www-secure.symantec.com/connect/forums/can-i-know-which-websites-are-visited-user-sepm

Hello,

Originally I was using 'Intrusion Prevention' and was blocking forbidden sites (eg. facebook). It worked well, but I wanted to know how to allow certain users to access these sites.

So I followed your instructions and removed the rules I had created under 'Intrusion Prevention' and added a new firewall policy.

I'm sure I've followed your instructions but the rule doesn't seem to work (users can all access the sites I've blocked).

I'm pretty sure the problem lies with my groups.

I've created 2 groups - one 'All users except Managers' and one 'Managers'. I used the 'Import AD or LDAP Users' method of adding users to these 2 groups.

All of the users I want are correctly listed in one of the two groups, but the firewall policy doesn't seem to affect them.

I assume I'm missing a step somewhere??

Thanks,

Amber

 

So the firewall rules are not working on the groups??

Is the firewall policy shared ? or have you created 2 policies 1 for managers other for the non manager group?

Can post the screenshot of the rule?

Hi,

Attached is a screenshot of the rule.

Thanks :)
Amber

Did you create the rule in the FW rule list? I think Vikram  means a screenshot like this one below.

 

Yes, sorry.

Attached is that screen shot...

 

Amber

This is the default rule I cannot see the rule for blocking the Websites..

http://www.symantec.com/business/support/index?page=content&id=TECH95248&locale=en_US

 

Mohammad Altaf