How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

Article:TECH92097  |  Created: 2009-01-28  |  Updated: 2014-10-07  |  Article URL http://www.symantec.com/docs/TECH95248
Article Type
Technical Solution

Issue

You want to create firewall rules to block all but specified web sites.

Environment

Website blocking will only function if the computers have SEP's optional Network Threat Protection (NTP) component installed. If the NTP component is not deployed, the Symantec Endpoint Protection client cannot block access to websites.

Solution

This can be achieved by using firewall rules.

For example, if you want to allow www.symantec.com (or some other website) but want to block all other web sites, you can accomplish this by creating two custom rules:

The "Allow Symantec" Rule

  1. In the Symantec Endpoint Protection Manager (SEPM) console, under the Clients view, select the Group where you want to apply this policy.
  2. Select the Policies tab on the right side.
  3. Double-click the Firewall policy and select Edit Shared when prompted.
  4. In the Firewall Policy window select Rules.
  5. Click the Add Blank Rule button. A blank rule is added to the list.
  6. Change the name of the new rule to (for example) "Allow Symantec", and then select the appropriate Severity.
  7. Double-click in the Application cell to invoke the Application List dialog box.
  8. Select Add to invoke the Add Application dialog box and enter iexplore.exe (or firefox.exe) to allow Internet Explorer (or Firefox) to go to symantec.com.
  9. Click OK twice to return to the firewall policy window.
  10. Double-click the Host cell to invoke the Host List dialog box.
  11. With the Source/Destination option enabled, click Add from the Source section and enter the IP address or IP range of the computers to be allowed.
  12. From the Destination section, click Add, select DNS Domain from the Type drop-down list and enter *.symantec.com. Click OK twice again to return to the Firewall Policy window.
  13. Leave Service set to Any and set Action to Allow.
  14. You may also enable logging by selecting Write to Traffic log from the Logging column.

The "Block All Websites" Rule

  1. In the Symantec Endpoint Protection Manager (SEPM) console, under the Clients view, select the Group where you want to apply this policy.
  2. Select the Policies tab on the right side.
  3. Double-click the Firewall policy and select Edit Shared when prompted.
  4. In the Firewall Policy window select Rules.
  5. Click the Add Blank Rule button. A blank rule is added to the list.
  6. Change the name of the new rule to (for example) "Block All Websites", and then select the appropriate Severity.
  7. Double-click in the Application cell to invoke the Application List dialog box.
  8. Click the Add button and enter iexplore.exe (or firefox.exe) to block Internet Explorer (or Firefox) traffic to any website.
  9. Click OK twice to return to the Firewall Policy window.
  10. Double-click in the Host cell to invoke the Host List dialog box. Ensure that Source/Destination is enabled, then click Add in the Source section and enter the IP address or IP range of the computers to be blocked.
  11. Under Destination click Add and select DNS Domain from the Type drop-down list.
  12. Enter an asterisk (*).
  13. Click OK twice again to return to the Firewall Policy window.
  14. Leave Service set to Any and set Action to Block.
  15. You may also enable logging by selecting Write to Traffic log from the Logging column.

Once your rules are in place, move the "Allow Symantec" rule to the top of the rule list and the "Block All Websites" rule to the number two position.

You may need to clear the DNS cache. To do so, go to the Command prompt and type "ipconfig /flushdns" (without the quotation marks).

NOTE: The "Block All Websites" rule may also block some URLs from the allowed website as some web pages connect to other web pages from different domains to show advertisements or other content. However, you can always monitor the Traffic logs and allow those URLs too.
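As an added illustration (not Symantec's code and not the SEP firewall engine), the following Python model evaluates the two rules above in first-match order, so the effect of rule placement and of the Application scope can be checked before the policy is pushed to clients. It assumes that the DNS Domain entry behaves like a shell-style wildcard and that process names compare case-insensitively; the connections it inspects are constructed sample traffic.

```python
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    name: str
    applications: tuple  # process names, as entered in the Application cell
    destination: str     # DNS Domain pattern, as entered in the Host cell
    action: str          # "Allow" or "Block"


# The two rules from the article, in the order the article says to place them.
ALLOW_SYMANTEC = Rule("Allow Symantec", ("iexplore.exe", "firefox.exe"), "*.symantec.com", "Allow")
BLOCK_ALL = Rule("Block All Websites", ("iexplore.exe", "firefox.exe"), "*", "Block")
POLICY = [ALLOW_SYMANTEC, BLOCK_ALL]


def matches(rule, app, host):
    """Model assumption: process names compare case-insensitively and the
    DNS Domain entry is a shell-style wildcard (so "*" matches every host)."""
    return app.lower() in rule.applications and fnmatch(host.lower(), rule.destination)


def evaluate(rules, app, host):
    """First matching rule wins. Returns (action, rule name), or None when no
    rule applies, e.g. a process other than the two browsers named above."""
    for rule in rules:
        if matches(rule, app, host):
            return rule.action, rule.name
    return None


def traffic_log(rules, connections):
    """One line per matched connection, standing in for the Traffic log the
    article says to review when the block rule catches content an allowed page needs."""
    lines = []
    for app, host in connections:
        hit = evaluate(rules, app, host)
        if hit:
            lines.append(f"{hit[0]:5} {app:12} {host:28} rule={hit[1]}")
    return lines


if __name__ == "__main__":
    # Constructed sample traffic: the allowed site, a third-party host an allowed
    # page pulls in, and a non-browser process the two rules do not cover.
    sample = [("iexplore.exe", "www.symantec.com"), ("firefox.exe", "ads.example.net"),
              ("svchost.exe", "liveupdate.symantec.com")]
    print("\n".join(traffic_log(POLICY, sample)))
    # Reversed order shows why "Allow Symantec" must sit above "Block All Websites".
    print(evaluate(list(reversed(POLICY)), "iexplore.exe", "www.symantec.com"))
```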

Caution: Check product documentation before applying a rule to block all websites. Many products rely upon Internet connectivity in order to function correctly. For example, the SEPM itself must communicate with Symantec domains in order to run LiveUpdate, and SEP 12.1 clients that use the Download Insight component must check with Symantec's Reputation servers online. Be careful not to unintentionally block connectivity that products need in order to operate.

Legacy ID

2009012915443648

