How to block a range of IP addresses (subnets) using a Symantec Endpoint Protection firewall rule
Sometimes we might want to block IP address ranges using firewall rules.
For example, you might want to apply specific firewall policies only to IPs from 10.0.0.1 to 10.0.0.220.
The existing default firewall policies do not allow you to add multiple IP addresses.
We just get one IP address to add.
In order to use a custom IP range in firewall rules, I need to create HOST GROUPS.
HOST GROUPS in simple terms
--------------------------------------------
A host group is a collection of DNS domain names, DNS host names, IP addresses, IP ranges, MAC addresses, or subnets that are grouped under one name so that you don't need to add IPs individually.
ADDING HOST GROUPS (Step 1)
-------------------------------------------
In the console, click Policies.
Expand Policy Components, and then click Host Groups.
Under Tasks, click Add a Host Group.
In the Host Group dialog box, type a name, and then click Add.
In the Host dialog box, in the Type drop-down list, select one of the following hosts:
IP range
Enter the information for each host type.
Click OK.
Click OK.
Using Host Groups in Firewall Policy
--------------------------------------------------
Once you have created host groups:
Open the console and click Policies.
Select Firewall policy.
Select Rules.
Create a blank rule.
I named mine Block IP Range.
Double-click on the Host (by default it will be Any).
Now you will see the host group that you added in Step 1.
Define the host relationship.
Select whether you want to make it local/remote or source/destination.
(Source/Destination depends on the direction of traffic. In one case the local client computer might be the source, whereas in another case the remote computer might be the source.)
(Local and remote: the local host is always the local client computer, and the remote host is always a remote computer.)
Check the host group.
Click OK.
Select the action as Block.
Click OK.
Click OK.
Apply the policy.
That's it; we should be good with our rule for that particular IP range.
Hope this was helpful.
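The range-versus-subnet choice in Step 1 and the local/remote versus source/destination choice in the rule, as an added Python example that is not part of the original article and is not Symantec code: it lists the subnets that cover the article's 10.0.0.1 to 10.0.0.220 range and models the two host relationships as the article defines them. The client and peer addresses and all function names are constructed for illustration.

```python
import ipaddress

# Range taken from the article's example; all other values are constructed.
RANGE_START = ipaddress.ip_address("10.0.0.1")
RANGE_END = ipaddress.ip_address("10.0.0.220")


def range_to_subnets(start, end):
    """Smallest list of CIDR blocks covering exactly start..end."""
    return [str(n) for n in ipaddress.summarize_address_range(start, end)]


def in_group(addr):
    """True if addr falls inside the host group's IP range."""
    return RANGE_START <= ipaddress.ip_address(addr) <= RANGE_END


def rule_matches(relationship, side, src, dst, direction):
    """Simplified model of the host relationship described in the article.

    relationship: "local/remote" or "source/destination"
    side: where the host group is placed ("local", "remote",
          "source" or "destination")
    direction: "inbound" or "outbound", as seen from the client computer
    """
    if relationship == "source/destination":
        # Follows the packet: the group is compared with src or dst as-is.
        return in_group(src if side == "source" else dst)
    # local/remote: local is always the client and remote is always the
    # other computer, so the packet field that is "remote" flips with direction.
    remote, local = (src, dst) if direction == "inbound" else (dst, src)
    return in_group(remote if side == "remote" else local)


if __name__ == "__main__":
    # The range is not one subnet: it needs 12 CIDR blocks.
    print(range_to_subnets(RANGE_START, RANGE_END))
    client, peer = "192.168.1.50", "10.0.0.77"  # constructed addresses
    for direction, src, dst in (("inbound", peer, client),
                                ("outbound", client, peer)):
        print(direction,
              "remote:", rule_matches("local/remote", "remote", src, dst, direction),
              "source:", rule_matches("source/destination", "source", src, dst, direction))
```

In this model, a group placed on the remote side matches in both directions, while a group placed as source matches only traffic that originates from the range.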
10 Comments
It is easy to use and very helpful.
Thank you.
Everything works better when everything works together.
good work mate!!
Good one. Simple steps in simple language.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Very Very Helpful.
Regards, M.R
Really good one, but which type of traffic will it block?
And I am confused by the source and destination or local and remote options; can anyone explain it?
Thanks for this article, very helpful
Hi,
I want to block the source from where the virus threats are coming from.
Is there a way that I can do that in our SEPM?
Most of the time our SEPM clients are getting threats such as w32.downadup, Infostealer, trojan horse, W32.Spybot.Worm, M.p.jpg, winxp.jpb and others.
Thanks,
Meraj
Thanks for your article.
Nice article! Has anyone tried this?
I imagine that if the list becomes too large it would greatly impact client performance. Wondering how long the list of hosts/IPs/subnets was that people set up before they noticed a degradation in client performance.
Guys, I have a question.
I have monitored the Network Threat Protection logs and viewed the full report. In that report I saw that some IPs are attacking my web server. My web server is connected to my LAN, and there is another NIC card installed on it, and from there it is connected to the WAN (with a live IP).
The question is: what are the corrective and preventive actions that I can perform so that these attacks are stopped?
Also, how can I block IPs in SEPM?