Blocking a list of IP ranges from a Country - Importing from a list of IP ranges
Created: 27 Jan 2010 | 10 comments
Is there a way to import a list of IP ranges into a firewall policy?
I have a list of IP ranges from Country's that my users do not need to be visiting. The list is obviously huge. Is there a way to import the range of IPs instead of typing the range in one at a time?
I am on version 11.5
FYI...
If interested the list of IPs I got is from this site:
http://www.countryipblocks.net/
Discussion Filed Under:
Comments
HI
follow this article
https://www-secure.symantec.com/connect/articles/how-block-range-ip-addresses-subnets-using-symantec-endpoint-protection-firewall-rule
How can I add a large number of hosts to a Host Group in Symantec Endpoint Protection Manager (SEPM)?
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008120421314248
let me know if this was helpful
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Sorry Rafeeq
I was looking to add a list of ranges (not one range at a time).
Example:
This list added/imported all at once...
217.198.160.0 - 217.198.175.255
217.198.176.0 - 217.198.191.255
217.199.208.0 - 217.199.223.255
217.199.240.0 - 217.199.255.255
...instead of adding 217.198.160.0 - 217.198.175.255 then adding 217.198.176.0 - 217.198.191.255
"Trust, but verify."
Unfortunately there is no
Unfortunately there is no shortcut for this..
However you can group them by subnet on a XL sheet then block it by range.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
hi
this is the closest one we can go far with respect to IPs.
divide into subnets and add it
however it does not have import option from xl sheet.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Another option...
I guess I will block the Root Zone by Country code for now (Example: *.ru, *.cn). Not what I was looking for, but works for now until I can block the IP's.
"Trust, but verify."
if you block it via root
if you block it via root zone it might be a issue as in this akamaized world which server is placed where it is difficult to guess.
At the same time there might be a website in that country hosted with .com
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Hi Senrats, If you would
Hi Senrats,
If you would like to see this implemented in the future then I suggest you submit it to our ideas section of this website. Users will then vote on the different ideas and the ones with the highest number of votes will get implemented first. I have not seen your idea posted yet and I think it is great so you should definitely post the idea. Also you can track the development of your idea once it is chosen to be implemented.
https://www-secure.symantec.com/connect/security/ideas
Cheers
Grant
Please don't forget to mark your thread solved with whatever answer helped you : )
Remember that Symantec
Remember that Symantec Endpoint Protection will have to process every packet against your entire list for ALL traffic to see if it passes your rule.
While this is not a huge workload for a dedicated firewall or proxy server, you may clobber the performance of your desktops or laptops.
This is better off getting implemented on a gateway device.
Ray
Good Point...
Good Point RAJP (So I give you a thumbs up), but it would be nice to try.
"Trust, but verify."
Dont you think this is better done at the network/gateway level than at the desktop?
I mean we know that SEP is capable of this, but the amount of rules needed to make this happen would make running and managing the SEP firewall a kludge to use, and would be better done in say a WebFilter type device, or using something like OpenDNS?
There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."
Would you like to reply?
Login or Register to post your comment.