Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

How To Block Internet address via Sep Manager Firewall Rule

Created: 16 Nov 2009 • Updated: 18 Feb 2010 | 26 comments
Language Translations
Fatih Teke's picture
+16 16 Votes
Login to vote

Hi everybody.
If we have not got ISA Server or Firewall how can we block internet addres? Symantec Endpoint Protection can help.
In this article I want to show how can we block internet address step-by-step.
In the Policies Tab >Right click and add for new Firewall Policy> I given name Internet Site Block

1.JPG

Than Click Rules Tab> in here we can see original firewall rules> Click Add Rule. the "Add Firewall Rule Wizard" will open,Click Next

2.JPG

There are 4 Rule Type in here, Application,Host,Network Service and Blank Rule. Choice Host and click Next

3.JPG

In the Address Type: Choice "DNS Domain"   than write your want to block internet address for example *.facebook.com and click Next.

4.JPG

We will see Trusted Host Rule Complate Screen and DNS names which we add before. We can add more Domain Names, Just click "Add More" button. Click Finish
5.JPG

Now we can see our internet site blok rule in number 8 and name Rule 0.

6.JPG

We should change name for remember it and Click Move Up Button for First Firewall Rule. Than Rigth Click in Action Tab and Select "Block" Therefore we Block this domain name.

7.JPG

When we Click OK Button SEP Manager ask to us for assign this policy now. Click Yes and Choice Group (in the picture i choice test group)

9.JPG

When Policy assign in the group all clients wil take new policy. And result, Client try to connect site and Sep Firewall Block users.

10.JPG

Comments 26 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

 Nice work Fatih..too many people had doubts on how to do this..

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

0
Login to vote
raposao21's picture

Thanks dude, now i understood what i was doing wrong.

0
Login to vote
Bekir's picture

thanks.

Best regards,
Bekir Burak Durmaz

0
Login to vote
Fatih Teke's picture

Thank you everybody.
I hope this help to you.
SEP Firewall Rules  are very easy to use.

Regards.
Fatih

 Everything works better when everything works together.

0
Login to vote
jomargonzales's picture

You can also use Intrusion Prevention Signatures. Just create a customized signature. Please see the image below. Inser this line in the content:
rule tcp, dest=(80,8080), msg="Accessing Google Website", content=www.google.com

1. 2.JPG
2.1.JPG

Jomar Gonzales

+5
Login to vote
Bumiputera's picture

Is a good article :)
By the way how we can monitor it ? Or pull the report from the firewall or ips where we block the site from SEPM ?

Regards

0
Login to vote
Fatih Teke's picture

you can monitor it from SEP Manager ;)
Thanks

 Everything works better when everything works together.

0
Login to vote
David72's picture

Hi everyone,

i was just having a problem with my sep management console. I cannot log on to it..and one thing more, I cannot see any more the green dot on the sep clients..that means they are not connected to the management console…Is there a way to reset the password? And can any one tell what is the solution to this problem..

Thanks and more power
David

0
Login to vote
AravindKM's picture

hi David 

Pls do not post irrelevant problems under article.Pls post it in a new thread under forms so that it will get maximum visibility in the form

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
NTC's picture

If i block urls with IPS, and enable Localiton Awareness is it possible to block or unblock this rule depending of the location???

Regards,
NTC

0
Login to vote
Fatih Teke's picture

Hello NTC
First of all if you write questions in forum you can take fast reply :)
you can create locations. and each locations have got diffrent firewall policy. for your laptop users you can create 2 rules. one of them "in office" rule another is "out of office rule"
therefore the user cannot access www.examplesite.com in company but when he go to home the location will change and sep firewall rule will change automaticly.
Best Regards.
Fatih 

 Everything works better when everything works together.

0
Login to vote
jomargonzales's picture

Yes. You can apply different policy for different locations.  However, you can monitor the logs under Monitor> Logs > Network Threat Protection and Attacks/Packets.

Jomar Gonzales

0
Login to vote
rickys's picture

Hi, I got this powerful virus in my system from my mail. This virus is send datas from my computer. How can I protect my computer. Please suggest me the solution to remove this virus. Which software is good for protecting from this virus? Thanks!
EDIT

0
Login to vote
Fatih Teke's picture

you should a full system scan and must to delete trojen and any viruses,
if you block your pop3 or smtp traffic via sep you cannot send and take email from anyone.

Regards.
Fatih

 Everything works better when everything works together.

0
Login to vote
biju's picture

Hello, Can I prevent virus by installing Sep Manager Firewall. And in my computer Firewall is already on by default. Which one will restrict my computer from virus?submit articles

0
Login to vote
shekar55's picture

We have lot issues with the internet usuage.SOme times my address or accoutn informtion are been hacked and i have lot of such issues. THis article on How To Block Internet address via Sep Manager Firewall Rule is given me an idea how to block the hacking of internet address. THanks for shairng this informaton...can we have a PPT of this so that it will be more user friendly.
EDIT

0
Login to vote
Hear4U's picture

Glad you enjoy this article.  If you have additional questions regarding other issues, I'd like ot suggest you try searching for specific terms, as the "green dot" has been discussed quite a bit in a variety of threads.

Best,

Eric

check out the community at www.infoblox.com/community

0
Login to vote
Mahesh Kumar's picture

Good to hear that now we can block the internet address via Sep Manager Firewall Rule, Nice explanation and guidelines which you gave it will be helpful to us so that we can secure our datas from computers.

tile cleaning

0
Login to vote
Phillipe's picture

Eric or Fatih - can SEP block a specific file/directory of the specified website? Thanks.

0
Login to vote
Santosh AV's picture

if we forget SEPM Password what we can do Please suggest

0
Login to vote
AravindKM's picture

Pls create a separate thread for your problem.Click on Forms in top of this page you will get option for it. 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
Hear4U's picture

You'll find your answer by using the search option :)

Eric

check out the community at www.infoblox.com/community

0
Login to vote