Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Cannot block Facebook (https)

Created: 10 Mar 2013 • Updated: 10 Mar 2013 | 14 comments

Hello ,

I need to block the https facebook & I tried with both method
 
1- Firewall policy >>> block rule >> for dns "*.facebook.com" >> first rule ==> not applied
 
2- custom Intrusion Prevention Signature policy >>> rule tcp, dest=(80,443), msg="facebook BLOCKED", content="www.facebook.com"
 
both methods not working 
 
any suggesstions please
 
thanks
Operating Systems:

Comments 14 CommentsJump to latest comment

.Brian's picture

Can you confirm the client has applied the policy you created by comparing the serial number in the SEPM with that on the client?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Hossam Adel's picture

thank for your reply

 

yes the client updated with policy's SN  .

 

I tried  rule tcp, dest=(0), msg="facebook BLOCKED", content="www.facebook.com" 

and it blocks https facebook but also block another sites contains word facebook " news sites"

Rafeeq's picture

Might sound as a dump question. but make sure you have all the components of SEP installed.

A smillar document to block website is this one.

http://www.symantec.com/business/support/index?pag...

pete_4u2002's picture

check these links

 Block certain websites

http://www.symantec.com/business/support/index?pag...

https://www-secure.symantec.com/connect/articles/h...

Blocking a Website using Symantec Endpoint Protection

http://www.symantec.com/docs/TECH92405      ...

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

http://www.symantec.com/docs/TECH92097

Ambesh_444's picture

Hi,

 

Here are few Articles for the same:

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients
 
 
How to block all website and allow only certain websites using Network Threat Protection Firewall rule.
 
 

 

 

Thank& Regards,

Ambesh

"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

Chetan Savade's picture

Hi,

This is a nice article to follow.

https://www-secure.symantec.com/connect/forums/can...

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Hossam Adel's picture

I found that the Machines which have TMG client installed , all rules of Firewall or intrusion not applied

 

what is the problem with TMG client that prevent Symantec block the sites ???

 

 

Chetan Savade's picture

Hi,

You install Symantec Endpoint Protection clients on Microsoft Forefront TMG, Forefront Server Security for Sharepoint, or Forefront Server Security for Exchange Server. You need to configure the recommended exclusions

Refer this article: Configuring Symantec Endpoint Protection exclusions for Microsoft Forefront

http://www.symantec.com/docs/TECH106465
 

 

 

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Hossam Adel's picture

Thanks Chetan ,

 

Now I install the Forefront TMG client & it says on the article 

 

 

Forefront TMG operates in collaboration with Windows Firewall through the Windows Filtering Platform mechanisms. Thus, unlike ISA Server, Windows Firewall must be enabled on the computer where Forefront TMG operates.

The following table summarizes paths and processes that should be excluded from antivirus scanning for Forefront TMG Medium Business Edition and Forefront TMG 2010.

 

 

Does this mean I have to enable the Windows firewall on all clients & make the exceptions? 

is it possible to enable two firewall app on the same machine ? 

 

thanks

Chetan Savade's picture

Yes, if we look at Forefront TMG recommendations it seems that Windows Firewall must be enabled on the computer where Forefront TMG operates.

It's possible to enable two firewall app on the same machine however Symantec does recommend to use only one Antivirus/firewall at same time. It avoids conflict and improves the system performance.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture

 

Hello,

Follow these steps as you do not want the users to visit to any website except for certain sites no matter what browser they use.

Solution

The above configuration can be done by creating only 2 firewall rules. Please follow the below steps to configure the rules.

1. Go to Firewall policy > Rules.

2. Click on Add Rule button. Select Host > Next > From Address Type drop down menu select DNS domain.

3. Select DNS Domain as *.* then Click Next > Click Finish.

4. Once the rule is created, highlight the New Rule. Go to Service column, right click and edit, then select Add. The rule will be TCP, Source/destination with remote port 80,443 click ok and ok again. Then go to Action column and make it set to "Block".

The above rule is to block all the websites. To create a rule to allow only selected websites, please follow the steps below.

1. Go to firewall policy> Rules.

2. Click on Add Rule. Select Host > Next > From Address Type drop down menu select DNS domain.

3. Enter DNS Domain as *.*symantec*.* This is an example which means all the urls related to symantec will be allowed.

4. Click Next > Click Finish. Multiple websites can be added to the same rule.

5. Once the rule is created, highlight the new rule. Go to Action column and make it to Allow.

Note: Place the "Allow" rule on top of "Block" rule.

Assign the policy to the required group. This will allow only the selected website and block all other website.

Caution: If the above rule is applied to the SEPM itself, we need to allow Symantec domain in order to run the liveupdate. This should be applicable to all the machine where Liveupdate will run.

 

Plaese find the article and let me know.

https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

1) How to block/allow website access using the Symantec Endpoint Protection Manager custom Intrusion Prevention Signature policy

http://bit.ly/uLiS84

2) Video: Allow and Block websites using Symantec Endpoint Protection Firewall

https://www-secure.symantec.com/connect/videos/allow-and-block-websites-using-symantec-endpoint-protection-firewall

3) Article: How To Block Internet address via Sep Manager Firewall Rule

https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Hossam Adel's picture

When I try to disable the Windows firewall I found it dimmed & it states the below

 

These Settings are bieng managed by vendor application Symantec Endpoint Protection

 

 

Rafeeq's picture

Why do you want to block it from SEP. when you can do that same from ISA/TMG?

NTP component of client controls the windows firewall 

so does ISA client on any machine.

You should be using any one product to get the job done. Since you already have a network firewall. Block the access from ISA or uninstall isa client

http://www.symantec.com/business/support/index?pag...