
Can Symantec Endpoint 12.x Firewall work beside another proxy?

Created: 26 Mar 2013 • Updated: 26 Mar 2013 | 9 comments

I have an HTTP script (ex: http://proxy.mp........) configured as a proxy in the Internet Explorer browser,

and I want to activate the Endpoint Firewall to restrict access to sites like Facebook on the computers, and I don't have a way to manage the main proxy.

Can I do this?

 

I made a policy in the endpoint and created a rule to restrict all sites, and it works at the same time as the proxy configured in the Internet Options,

but now I want to allow all sites that are already allowed by the main proxy and restrict one site, so I created two rules, one to allow all sites and a second one to block Facebook, and it doesn't work.

 

Can anyone help to clear this situation?

Thank you all


.Brian

SEP isn't proxy aware so if you try to block facebook it won't work. The only way to stop this is to block the proxy, which of course you don't want. SEP wouldn't see facebook as being the destination, it would see your proxy.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

honey_jack

Find the attached.

How to block all website and allow only certain websites using Network Threat Protection Firewall rule.

http://www.symantec.com/docs/TECH95248

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

http://www.symantec.com/docs/TECH92097

https://www-secure.symantec.com/connect/forums/how...

Thanks & Regards

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.

Mithun Sanghavi

Hello,

You may like to check this Article:

How to block Web access to client with the help of firewall in a Proxy Environment

http://www.symantec.com/docs/TECH188973

and

this Thread: https://www-secure.symantec.com/connect/forums/block-web-sites-filtered-proxy-fw-rule

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SMLatCST

Erm, silly question here, but have you checked the priorities of your rules?  Is it possible that the "Allow all sites" rule is getting hit before the "Block facebook" rule (meaning the "Block facebook" rule never gets a chance to do its thing)?

To help investigate, you could enable logging on the rules and have a look see at which one is letting users out.

.Brian

I think the problem here is the SEP firewall does not see the actual website but it sees the proxy instead. In my experience with this, he will not be able to block certain sites while allowing others. This is why I could never use the SEP fw to block sites.

When I browse out to example.com, my log will show my proxy address, not example.com. So if I created a rule to block example.com, it wouldn't work and I would be able to browse to it just fine. Now, if I block my proxy address, then it works fine, however all my Internet browsing will be blocked.

SEP fw is not proxy aware so this won't work at all. It's an all or nothing deal when it comes to proxies.

If the machine was off the internal network then these rules would work.

 


honey_jack

What is the current status of your requirement? If it is closed, then please mark the valid comment as a solution.

Thanks & Regards

Honey Jack

 


Attia Diab

Finally I found a solution for this situation by using an Intrusion Prevention Signature policy,

but there are some changes in the signature.

To block Google the signature will be:

rule tcp, dest=(0), msg="GOOGLE BLOCKED", content="www.google.com"

instead of

rule tcp, dest=(80), msg="GOOGLE BLOCKED", content="www.google.com"

Please check this link:

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/9c561a4628b3c9a44925747f007b19cd?OpenDocument

Thanks.
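
An added illustration (not part of the thread, and a simplified model rather than Symantec's matching engine) of why the destination-based firewall rule and the dest=(80) signature miss proxied traffic while the dest=(0) content signature matches. The proxy address, port 8080, site address and hostname are constructed sample values, and dest=(0) is assumed to mean "any destination port", as the change in the last post implies.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    """One outbound TCP segment as the endpoint sees it."""
    dst_ip: str
    dst_port: int
    payload: bytes


@dataclass
class ContentRule:
    """Model of: rule tcp, dest=(N), msg="...", content="..." """
    dest_port: int  # assumption: 0 means any destination port
    content: bytes

    def matches(self, seg: Segment) -> bool:
        port_ok = self.dest_port == 0 or self.dest_port == seg.dst_port
        return port_ok and self.content in seg.payload


def destination_rule_matches(blocked_ips: set, seg: Segment) -> bool:
    """Firewall-style rule: only the destination address is compared."""
    return seg.dst_ip in blocked_ips


# Constructed sample values (RFC 5737 documentation addresses).
PROXY_IP, PROXY_PORT = "192.0.2.10", 8080
SITE_IP, SITE = "203.0.113.80", b"www.example.com"

# With a proxy configured, every request is addressed to the proxy.
via_proxy = Segment(PROXY_IP, PROXY_PORT,
                    b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
# HTTPS through the proxy starts with a cleartext CONNECT line.
https_via_proxy = Segment(PROXY_IP, PROXY_PORT,
                          b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n")
# Off the internal network the same request goes straight to the site.
direct = Segment(SITE_IP, 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n")


def evaluate(seg: Segment) -> dict:
    """Return which of the three rule styles would match this segment."""
    return {
        "firewall_by_destination": destination_rule_matches({SITE_IP}, seg),
        "ips_dest_80": ContentRule(80, SITE).matches(seg),
        "ips_dest_0": ContentRule(0, SITE).matches(seg),
    }
```

Because the match is a plain substring of the payload, the same signature also fires on any other request that merely mentions the hostname, so enable logging on it and review the hits before deploying widely.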