Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

To block website through firewall

Migration User

Migration UserJul 03, 2009 07:04 AM

How to block website through firewall policy?
Migration User

Migration UserJul 07, 2009 07:29 AM

Top of all the rules, It's processed sequentially.

  • 1.  To block website through firewall

    Posted Jul 03, 2009 07:04 AM
    How to block website through firewall policy?


  • 2.  RE: To block website through firewall

    Posted Jul 03, 2009 08:53 AM
    You need to use Web filtering product to restrict your users from browsing. By this you can allow only sites approved by your organisation.

    Symantec Endpoint Protection is only Desktop product used to protect
                        1) Local files and Folders,
                        2) Application and Device controll
                        3) Network Threat Protection (NTPprovides a firewall and intrusion prevention protection
    to prevent intrusion attacks and malicious content from reaching the computer. The firewall allows or blocks network traffic based on various criteria that the administrator or end user sets.)



  • 3.  RE: To block website through firewall



  • 4.  RE: To block website through firewall

    Posted Jul 03, 2009 11:48 AM
    Hi you can create a firewall rule using Host Rule.  There u can list the DNS Domain like google.com and the rule should be from the source to destination where the source will be ur PCs whome u want to bloack the site access and the destination will be the websites.

    Ajit


  • 5.  RE: To block website through firewall

    Posted Jul 03, 2009 12:57 PM

    I think, this is the document that you need.  Obviously I think that  exist better ways(proxy) to do it.
    Here´s is a document "How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients"

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6e23ee65720a6667ca25754d001a0b2b?OpenDocument
    Remember this work only for specifics URLs to make a kind of filter you will need a proxy o similar tool.

    Please let me now if works !!!!  It should be!!!

    JPG.



  • 6.  RE: To block website through firewall

    Posted Jul 04, 2009 07:26 AM
    Thank you all of you
    i tried Ajit jha and PGA_CR steps but still client able to open blocked site. In this environment already proxy squied is running but i want
    to block through SEP.


  • 7.  RE: To block website through firewall

    Posted Jul 04, 2009 05:20 PM
    Websites can be blocked using NTP firewall create a rule for Host and select DNS domain.
    Then give your website that you need to block.
    The clients should have NTP installed and Enabled.
    Then check if policy is getting updated.
    Once the policy will update that website will be blocked.
    I have blocked atleast hundreds of websites using the Firewall Rule.

    For reference you can check the doc posted by sandeep and PGA_CR above.
    If still your website is not getting blocked that means you are doing something worng in the configuration or the clients don't have NTP or they are not updating the Policies.
     


  • 8.  RE: To block website through firewall

    Posted Jul 05, 2009 11:49 PM
    Client have NTP and it's enabled, policy serial number also updating. i am doing same steps as given in document.


  • 9.  RE: To block website through firewall

    Posted Jul 06, 2009 09:10 AM
    Hi Ajeet,

    Do you need to block entire Browsing for users?


  • 10.  RE: To block website through firewall

    Posted Jul 06, 2009 10:16 AM
    If you move the rule to the top, does it make a difference?


  • 11.  RE: To block website through firewall

    Posted Jul 07, 2009 06:18 AM
    HI Ajju. I want to block only some sites,

    Hi Sandeep, what mean top? please clear it.


  • 12.  RE: To block website through firewall

    Posted Jul 07, 2009 07:29 AM
    Top of all the rules, It's processed sequentially.


  • 13.  RE: To block website through firewall
    Best Answer

    Posted Jul 08, 2009 10:34 AM
    If you need to block only some websites then create a rule in IPS 
               "Add a Custom Intrusion Prevention Signatures" to block.
     
    Steps to add a signature to block

    In the SEPM console, in the system navigation bar, click Policies.
    In the View Policies navigation bar, select Intrusion Prevention.
    In the Tasks list, click Add a Custom Intrusion Prevention Signatures.
    In the Custom Intrusion Prevention Signatures window, set the Name of the policy to Block Yahoo (just an example, you can choose the website that you need to block).
     
    Under the Signature tab, in the Signature Groups section, click Add.
    In the Intrusion Prevention Signature Group dialog, add 
            Group Name 
            Description 
    and then click OK.

    Highlight the newly created Signature Group (Block Yahoo), then in Signature for this Group section, click Add.

    In the Content section add the following text:

    rule tcp, dest=(80), msg=“YAHOO BLOCKED”, content=www.yahoo.com

    Under the Action section  select Block and Click OK to close the Add Signature window.
    Click OK to close the Custom Intrusion Prevention Signatures window.

    Once the Signature is created assign to a test group and verfiy.

    Note: if you block www.yahoo.com and if you browse yahoo site in.yahoo.com
    in.yahoo.com page will open.

    So do not be in wrong impression that signature is created to block yahoo page but you are able to browse.






  • 14.  RE: To block website through firewall

    Posted Oct 01, 2009 06:39 PM

    Hi everyone!!!

    Thanks for the information, it worked!!!  i just have a doubt, i created a custom IPS rule and assigned to a specific group. However i have in that group some location rules and i see that this rule is applied in all my locations. Is there a way to specify where to apply this policy  with the desired location??

    REgards,
    NTC