
block social web with sepm 12.1

Created: 12 Sep 2012 | 13 comments

 

 

hi!

I need to know how to block some web pages with SEPM 12.1.

I have ISA Server 2004, but some users run Internet Explorer/Firefox with a user password that has access to Facebook (Run as).

So I want to use SEPM 12.1 to block that.

I tried some of your articles and have had no luck.

 


Ashish-Sharma's picture

Hello,

A Quick Note: It is important to have the Application and Device control and Firewall Installed on each Client machine. 

Here are a few articles for the same:

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients
 
 
How to block all website and allow only certain websites using Network Threat Protection Firewall rule.
 

 

There are a few threads on the same issue as well; I would suggest a quick look into the same.

https://www-secure.symantec.com/connect/forums/custom-ips-signature-website-blocking

https://www-secure.symantec.com/connect/forums/how-block-access-specific-websites-both-url-and-ip-address

https://www-secure.symantec.com/connect/forums/website-blocking-custom-ips-signatures

Check this thread

https://www-secure.symantec.com/connect/forums/blocking-websites

 

Thanks In Advance

Ashish Sharma

 

 

Chetan Savade's picture

Hi,

Check this video:

Allow and Block websites using Symantec Endpoint Protection Firewall

http://www.symantec.com/connect/videos/allow-and-b...

Article: How firewall works

http://www.symantec.com/docs/HOWTO55054

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

ticmirex's picture

Thanks!
Before I created the discussion I saw this video and these web pages:

 

http://www.symantec.com/tv/community/details.jsp?v...

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/business/support/index?pag...

and this one: http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/9c561a4628b3c9a44925747f007b19cd?OpenDocument makes a notification but doesn't work.

None of this worked.

 

 

P_K_'s picture

It is a very silly question to ask, but at times we tend to forget to look at small things: is NTP installed on the client?

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Ashish-Sharma's picture

Hi,

Please check whether the SEP client policy serial number is the same on both sides.

1. Block particular site by Symantec Endpoint Protection:
2. Choose particular Group and select Policies
3. Uncheck Inherit Policies check box
4. Click on Firewall Policies and click on "Create Non Shared policies from copy"
5. Select the Rules option, which is on the left side
6. And then click on Add Rule and click on Next
7. Select according to the requirements
8. Select Host to block particular site or system or IP address
9. Select according to the requirements
10. For example: here I want to block the Facebook site
11. Select DNS domain
12. Provide the site name as below and click on Next
13. For example, type *.facebook.com and click on Finish
14. Rule 0 is created
15. Select rule 0 and right click in the Action column and select Block / Allow as per the requirements:
16. To block/allow a particular port, click on the Services column
17. To block/allow any application, click on the Application column

 

Thanks In Advance

Ashish Sharma

 

 

greg12's picture

Some proposals:

Delete IE and firefox; people could use different browsers (Chrome, Safari, Opera ...)

In the Host column, delete all source hosts (origen) because the rule shall apply to all of them anyway ("*.*").

Furthermore, as far as I know the DNS host entry in the Host column doesn't accept wildcards. Thus "*.*" and "*.hi5.com" don't work. However, DNS domain entries do accept wildcards, so take "*.hi5.com" as DNS domain. Change the facebook entry to "*.facebook.*" or "*.facebook*.*".

Good luck!

ticmirex's picture

Is it a proxy-related issue? I have no luck.

thanks for your help guys.

 

.Brian's picture

SEP is not proxy aware, you will need to modify your rules to include the port your traffic is going out through.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.
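
A simplified model of the proxy point raised in the reply above, added here as an illustration (it is not part of the thread and not Symantec's code): a host firewall rule is evaluated against the remote endpoint of the TCP connection, so when the browser is configured to use a proxy, the rule sees the proxy and not the web site. The proxy name `isa.example.local:8080`, the rule dictionary and the function names are assumptions, and Python's `fnmatch` only stands in for the product's own wildcard matching.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def endpoint(url):
    """Return (host, port) named by a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def connection_endpoint(url, proxy=None):
    """Remote endpoint of the TCP connection the client opens for this URL.

    With a proxy configured, the browser connects to the proxy and names the
    real site only inside the HTTP request, which a host/port rule never reads.
    """
    return endpoint(proxy) if proxy else endpoint(url)


def rule_matches(rule, url, proxy=None):
    """True if a block rule keyed on DNS domain (and optional ports) fires."""
    host, port = connection_endpoint(url, proxy)
    host_ok = fnmatch(host, rule["dns_domain"])
    port_ok = rule["ports"] is None or port in rule["ports"]
    return host_ok and port_ok


# Constructed sample data: the rule from the thread and a hypothetical proxy.
BLOCK_FACEBOOK = {"dns_domain": "*.facebook.com", "ports": None}
PROXY = "http://isa.example.local:8080"


def report(urls, rule, proxy=None):
    """List (url, endpoint seen by the firewall, rule fired?) for each URL."""
    return [(u, connection_endpoint(u, proxy), rule_matches(rule, u, proxy))
            for u in urls]


if __name__ == "__main__":
    urls = ["http://www.facebook.com/", "https://www.facebook.com/login"]
    for label, proxy in (("direct", None), ("via proxy", PROXY)):
        for url, seen, fired in report(urls, BLOCK_FACEBOOK, proxy):
            print(f"{label:9} {url:32} firewall sees {seen} blocked={fired}")
```

In the proxied case every request shows up as a connection to the proxy host and port, which is why the DNS-domain rule never fires for clients that browse through the proxy.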

greg12's picture

Make a simplified test rule with these most important items:

Action Application Host Service Log
Block * All Destination: *.facebook.* * Any Write to traffic log

 

 

 

Apply it to a test group and try if it works.

As another possibility (but not probable), you should check if your clients are in Server Control mode or at least in Mixed control (Clients > Group > Policies > Location-specific Settings > Client User Interface Control Settings). If the clients are in Client control mode, they alone are in charge of firewall rules and the SEPM rules are ignored.