How to block all websites and allow only certain websites using Network Threat Protection Firewall rule.

Article:TECH95248  |  Created: 2009-01-28  |  Updated: 2013-12-17  |  Article URL http://www.symantec.com/docs/TECH95248
Article Type
Technical Solution


Issue



How can I block all websites and allow only some of the selected websites with the help of Network Threat Protection (NTP)? 

 


Environment



Website blocking will only function if the computers have SEP's optional Network Threat Protection (NTP) component installed.  If the NTP component is not deployed, the Symantec Endpoint Protection client will not have the ability to block access to websites.


Cause



You do not want the users to visit to any website except for certain sites, no matter what browser they use.


Solution



The above configuration can be done by creating only 2 firewall rules. Please follow the below steps to configure the rules.

Note: That Firewall Rule will not work if the proxy settings are configured in the browser.

  1. Go to Firewall policy > Rules.
  2. Click on Add Rule button. Select Host > Next > From Address Type drop down menu select DNS domain.
  3. Select DNS Domain as *.* then Click Next > Click Finish.
  4. Once the rule is created, highlight the New Rule. Go to Service column, right click and edit, then select Add. The rule will be TCP, Source/destination with remote port 80,443 click ok and ok again. Then go to Action column and make it set to "Block".


The above rule is to block all the websites. To create a rule to allow only selected websites, please follow the steps below.

  1. Go to firewall policy> Rules.
  2. Click on Add Rule. Select Host > Next > From Address Type drop down menu select DNS domain.
  3. Enter DNS Domain as *.*symantec*.* This is an example which means all the urls related to symantec will be allowed.
  4. Click Next > Click Finish. Multiple websites can be added to the same rule.
  5. Once the rule is created, highlight the new rule. Go to Action column and set it to Allow.


Note: Place the "Allow" rule on top of "Block" rule.

Assign the policy to the required group. This will allow only the selected websites and block all other websites.

Caution: If the above rule is applied to the SEPM itself, we need to allow Symantec domains in order to run LiveUpdate. This should be applicable to all machines where LiveUpdate will run.


 


 




Legacy ID



2009072816443448


Article URL http://www.symantec.com/docs/TECH95248


Terms of use for this information are found in Legal Notices