How to block website through firewall policy?
You need to use a Web filtering product to restrict your users from browsing. By this you can allow only sites approved by your organisation.
Symantec Endpoint Protection is only a Desktop product used to protect
1) Local files and Folders,
2) Application and Device control
3) Network Threat Protection (NTP provides a firewall and intrusion prevention protection to prevent intrusion attacks and malicious content from reaching the computer. The firewall allows or blocks network traffic based on various criteria that the administrator or end user sets.)
These docs are gonna take you through it.
De facto when AV does something, it starts jumping up and down, waving its arms, and shouting...
"Hey! I found a virus! Look at me! I'm soooo goooood!"
Hi, you can create a firewall rule using Host Rule. There you can list the DNS Domain like google.com, and the rule should be from the source to destination, where the source will be your PCs for which you want to block the site access and the destination will be the websites.
ASC & STS
I think this is the document that you need. Obviously I think that better ways exist (proxy) to do it.
Here is a document: "How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients"
Remember, this works only for specific URLs; to make a kind of filter you will need a proxy or similar tool.
Please let me know if it works!!!! It should!!!
Thank you, all of you.
I tried Ajit jha's and PGA_CR's steps but the client is still able to open the blocked site. In this environment a Squid proxy is already running, but I want to block through SEP.
Websites can be blocked using the NTP firewall: create a rule for Host and select DNS domain.
Then give the website that you need to block.
The clients should have NTP installed and enabled.
Then check if the policy is getting updated.
Once the policy updates, that website will be blocked.
I have blocked at least hundreds of websites using the Firewall Rule.
For reference you can check the doc posted by sandeep and PGA_CR above.
If your website is still not getting blocked, that means you are doing something wrong in the configuration, or the clients don't have NTP, or they are not updating the policies.
The most helpful part of entire Symantec connect is the Search button..do use it.
The client has NTP and it's enabled, and the policy serial number is also updating. I am doing the same steps as given in the document.
Do you need to block entire Browsing for users?
If you move the rule to the top, does it make a difference?
Hi Ajju. I want to block only some sites.
Hi Sandeep, what does top mean? Please clarify it.
Top of all the rules; it's processed sequentially.
If you need to block only some websites then create a rule in IPS
"Add a Custom Intrusion Prevention Signatures" to block.
Steps to add a signature to block
In the SEPM console, in the system navigation bar, click Policies.
In the View Policies navigation bar, select Intrusion Prevention.
In the Tasks list, click Add a Custom Intrusion Prevention Signatures.
In the Custom Intrusion Prevention Signatures window, set the Name of the policy to Block Yahoo (just an example, you can choose the website that you need to block).
Under the Signature tab, in the Signature Groups section, click Add.
In the Intrusion Prevention Signature Group dialog, add
and then click OK.
Highlight the newly created Signature Group (Block Yahoo), then in Signature for this Group section, click Add.
In the Content section add the following text:
rule tcp, dest=(80), msg="YAHOO BLOCKED", content=www.yahoo.com
Under the Action section select Block and Click OK to close the Add Signature window.
Click OK to close the Custom Intrusion Prevention Signatures window.
Once the signature is created, assign it to a test group and verify.
Note: if you block www.yahoo.com and you browse the Yahoo site in.yahoo.com, the in.yahoo.com page will open.
So do not be under the wrong impression that the signature is created to block the Yahoo page but you are still able to browse.
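The coverage gap noted at the end of the post above can be checked before a signature is assigned to a group. This is an added example, not part of the original thread and not Symantec's engine. It assumes a simplified model in which the signature blocks when the destination port is listed and the payload contains the content string; the sample requests and the `BROADER` variant are constructed for illustration.

```python
import re

# Rule text from the post above, written with straight quotes.
RULE = 'rule tcp, dest=(80), msg="YAHOO BLOCKED", content=www.yahoo.com'
# Hypothetical variant (not from the thread) that matches on the parent domain.
BROADER = RULE.replace("content=www.yahoo.com", "content=yahoo.com")

def parse_rule(text):
    """Extract the three fields this example uses: dest ports, msg, content."""
    ports = re.search(r'dest=\(([\d,\s]+)\)', text)
    msg = re.search(r'msg="([^"]*)"', text)
    content = re.search(r'content="?([^",\s]+)"?', text)
    if not (ports and msg and content):
        raise ValueError("rule is missing dest, msg or content")
    return {
        "ports": {int(p) for p in ports.group(1).split(",")},
        "msg": msg.group(1),
        "content": content.group(1).encode(),
    }

def verdict(rule, dest_port, payload):
    """Assumed model: block if the port is listed and the payload contains content."""
    if dest_port in rule["ports"] and rule["content"] in payload:
        return "block: " + rule["msg"]
    return "allow"

def http_get(host):
    """Constructed plaintext HTTP request carrying the given Host header."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: test\r\n\r\n".encode()

# Constructed test traffic: (host, destination port).
SAMPLES = [("www.yahoo.com", 80), ("in.yahoo.com", 80), ("example.com", 80)]

def coverage(rule_text):
    """Return {host: verdict} for every constructed sample under the given rule."""
    rule = parse_rule(rule_text)
    return {host: verdict(rule, port, http_get(host)) for host, port in SAMPLES}

if __name__ == "__main__":
    for text in (RULE, BROADER):
        print(text)
        for host, result in coverage(text).items():
            print(f"  {host:15} {result}")
```

Under this model the posted rule stops only the exact `www.yahoo.com` host, while the broader content string also covers `in.yahoo.com` and leaves unrelated hosts alone.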