Video Screencast Help

Blocking websites

Created: 26 Dec 2012 • Updated: 31 Dec 2012 | 5 comments
This issue has been solved. See solution.

Hello frinds,

Please help me in this issue and share ur valuable guide.

How to block/allow website access using the Symantec Endpoint Protection Manager

custom Intrusion Prevention Signature policy.

 

 

Best Regards,

J.Dsilva

Comments 5 CommentsJump to latest comment

Ambesh_444's picture

Hi Dsilva,

 

Please go through the below  link 
 
https://www-secure.symantec.com/connect/forums/it-...
 
There is a document for creating IDS too, check that..
 
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008070803545448
 
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/9c561a4628b3c9a44925747f007b19cd?OpenDocument
 
 
I hope this will help yuo.

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

SOLUTION
Ashish-Sharma's picture

Hi,

Check this 

 

Allow & Block websites using SEP firewall

https://www-secure.symantec.com/connect/videos/allow-and-block-websites-using-symantec-endpoint-protection-firewall

How To Block Internet addres via Sep Manager Firweall Rule

Thanks In Advance

Ashish Sharma

 

 

Ajit Jha's picture

You can Block websites using SEP Firewall. Follow the steps below:

  1. Click on Policies button
  2. Under view Policies > Select Firewall
  3. Edit the existing Firewall Policy
  4. Click Rules
  5. Right Click Rule Number 2 and Select Add a Blank Rule
  6. Right Click Under the Action and Set it to Block
  7. Right Click on the Host Select Edit
  8. Under Specify host names or addresses of computers that trigger the rule Select : Local /Remote
  9. Under Remote Click Add Under Type Select DNS domain
  10. Under DNS Domain type the name of the Website e.g. : *.symantec.com
  11. Click OK and close the Host List Window
  12. Click OK and close the Firewall Policy Window
  13. Assign the policy to the desired group

Regard's

Ajit Jha

Technical Consultant

ASC & STS

.Brian's picture

To use custom IPS, use the following syntax:

rule tcp, dest=(0), saddr=&LOCALHOST, msg="Website Blocked", content="example.com"

You may need to change the dest=(0) to whatever port such as 80 or 443, assuming you use the standard web browsing port.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

 

Hello,

Follow these steps as You do not want the users to visit to any website except for certain sites no matter what browser they use.

Solution

The above configuration can be done by creating only 2 firewall rules. Please follow the below steps to configure the rules.

1. Go to Firewall policy > Rules.

2. Click on Add Rule button. Select Host > Next > From Address Type drop down menu select DNS domain.

3. Select DNS Domain as *.* then Click Next > Click Finish.

4. Once the rule is created, highlight the New Rule. Go to Service column, right click and edit, then select Add. The rule will be TCP, Source/destination with remote port 80,443 click ok and ok again. Then go to Action column and make it set to "Block".

The above rule is to block all the websites. To create a rule to allow only selected websites, please follow the steps below.

1. Go to firewall policy> Rules.

2. Click on Add Rule. Select Host > Next > From Address Type drop down menu select DNS domain.

3. Enter DNS Domain as *.*symantec*.* This is an example which means all the urls related to symantec will be allowed.

4. Click Next > Click Finish. Multiple websites can be added to the same rule.

5. Once the rule is created, highlight the new rule. Go to Action column and make it to Allow.

Note: Place the "Allow" rule on top of "Block" rule.

Assign the policy to the required group. This will allow only the selected website and block all other website.

Caution: If the above rule is applied to the SEPM itself, we need to allow Symantec domain in order to run the liveupdate. This should be applicable to all the machine where Liveupdate will run.

 

Plaese find the article and let me know.

https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

1) How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy

http://bit.ly/uLiS84

2) Video: Allow and Block websites using Symantec Endpoint Protection Firewall

https://www-secure.symantec.com/connect/videos/allow-and-block-websites-using-symantec-endpoint-protection-firewall

3) Article: How To Block Internet address via Sep Manager Firewall Rule

https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.