Endpoint Protection

Is there a way to import a list of IP ranges into a firewall policy?

I have a list of IP ranges from Country's that my users do not need to be visiting. The list is obviously huge. Is there a way to import the range of IPs instead of typing the range in one at a time?

I am on version 11.5

FYI...
If interested the list of IPs I got is from this site:
http://www.countryipblocks.net/ 

follow this article

https://www-secure.symantec.com/connect/articles/how-block-range-ip-addresses-subnets-using-symantec-endpoint-protection-firewall-rule

How can I add a large number of hosts to a Host Group in Symantec Endpoint Protection Manager (SEPM)?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008120421314248

let me know if this was helpful

 Unfortunately there is no shortcut for this..
However you can group them by subnet on a XL sheet then block it by range.

I was looking to add a list of ranges (not one range at a time).

Example:

This list added/imported all at once...

217.198.160.0 - 217.198.175.255

217.198.176.0 - 217.198.191.255

217.199.208.0 - 217.199.223.255

217.199.240.0 - 217.199.255.255

...instead of adding 217.198.160.0 - 217.198.175.255 then adding 217.198.176.0 - 217.198.191.255

this is the closest one we can go far with respect to IPs.
divide into subnets and add it
however it does not have import option from xl sheet.

I guess I will block the Root Zone by Country code for now (Example: *.ru, *.cn). Not what I was looking for, but works for now until I can block the IP's.

 if you block it via root zone it might be a issue as in this akamaized world which server is placed where it is difficult to guess.
At the same time there might be a website in that country hosted with .com

 Hi Senrats,

If you would like to see this implemented in the future then I suggest you submit it to our ideas section of this website. Users will then vote on the different ideas and the ones with the highest number of votes will get implemented first. I have not seen your idea posted yet and I think it is great so you should definitely post the idea. Also you can track the development of your idea once it is chosen to be implemented.

https://www-secure.symantec.com/connect/security/ideas

Cheers
Grant

Remember that Symantec Endpoint Protection will have to process every packet against your entire  list for ALL traffic to see if it passes your rule.

While this is not a huge workload for a dedicated firewall or proxy server, you may clobber the performance of your desktops or laptops.

This is better off getting implemented on a gateway device.

Ray

Good Point RAJP (So I give you a thumbs up), but it would be nice to try.
 

Dont you think this is better done at the network/gateway level than at the desktop?

I mean we know that SEP is capable of this, but the amount of rules needed to make this happen would make running and managing the SEP firewall a kludge to use, and would be better done in say a WebFilter type device, or using something like OpenDNS?