Endpoint Protection

I have http script(ex: http://proxy.mp........) configured as a proxy in the internet explorer browser 

and i want to active the Endpoint Firewall to restrict access to sites like facebook in the computers and i dont have a way to manage the main proxy 

can i do this ?

 

I made a policy in the endpoint and created a rule to restrict all sites and it works in the the same time of the proxy configured in the internet option 

but now i want to allow all sites that already allowed by the main proxy and restrict one site so i created two rules one to allow all sites and the second one to block facebook and it doesn't work.

 

Can anyone help to clear this situation?

Thank you all

SEP isn't proxy aware so if you try to block facebook it won't work. The only way to stop this is to block the proxy, which of course you don't want. SEP wouldn't see facebook as being the destination, it would see your proxy.

hi,

If you want to blocked proxy setting look this on of thread

https://www-secure.symantec.com/connect/forums/how-block-proxy-address-using-sepm-12-ru2

How to block facebook.

Check this

https://www-secure.symantec.com/connect/forums/block-social-web-sepm-121#comment-7685741

find the attach How to block all website and allow only certain websites using Network Threat Protection Firewall rule. http://www.symantec.com/docs/TECH95248 How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients http://www.symantec.com/docs/TECH92097 https://www-secure.symantec.com/connect/forums/how-block-access-specific-websites-both-url-and-ip-address

Hi

Follow the tech TECH92405  for the same .

Regards

Ajin

Hello,

You may like to check this Article:

How to block Web access to client with the help of firewall in a Proxy Environment

http://www.symantec.com/docs/TECH188973

and

this Thread: https://www-secure.symantec.com/connect/forums/block-web-sites-filtered-proxy-fw-rule

Hope that helps!!

Erm, silly question here, but have you checked the priorities of your rules?  Is it possible that the "Allow all sites" rule is getting hit before the "Block facebook" rule (meaning the "Block facebook" rule never gets a chance to do its thing)?

To help investigate, you could enable logging on the rules and have a look see at which one is letting users out.

I think the problem here is the SEP firewall does not see the actual website but it see's the proxy instead. In my experience with this, he will not be able to block certain sites while allowing others. This is why I could never use the SEP fw to block sites.

When I browse out to example.com, my log will show my proxy address, not example.com. So if I created a rule to block example.com, it wouldn't work and I would be able to browse to it just fine. Now, if I block my proxy address, than it works fine, however all my Internet browsing will be blocked.

SEP fw is not proxy aware so this won't work at all. It's an all or nothing deal when it comes to proxies.

If the machine was off the internal network than these rules would work.

 

What is the current status of your requirement, if it close then please mark the valid comment as a solution

Finally i found a solution for this situation by using Intrusion Prevention Signature policy

but there is some changes in the signature

To block google the signature will be : 

rule tcp, dest=(0), msg="GOOGLE BLOCKED", content="www.google.com"

instead of

rule tcp, dest=(80), msg="GOOGLE BLOCKED", content="www.google.com"

please check this link 

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/9c561a4628b3c9a44925747f007b19cd?OpenDocument

Thanks.