Be VERY VERY careful doing that, as the way SEP works, it can and often will block GOOD sites due to the use of Akamai.
IP addresses will "float" or be shared.
I've seen symantec.com blocked here because of using *.facebook.com in the firewall.
SEP resolves the IP address and blocks it. Then when they go to symantec.com, which also uses Akamai, they find symantec.com blocked because it now resolves to the same address but SEP has the other address. It's a mess here.
Our main provider for the State of Iowa, ICN (Iowa Communications Network) has an Akamai server - so on our way out, so to speak, we hit their server and guess what? I had to drop that firewall rule because SEP blocked walmart.com and bestbuy.com as well as facebook, twitter and myspace - even though I was doing it by DOMAIN.
SEP needs to be reconfigured somehow - we can't use domain blocking here but instead had to create custom IPS signatures to look into the packets for the domain names.
The kicker there is some packets are kicked out with IPS, too, because of all the ads and referrals.
Bottom line, your best bet in the company is a hardware firewall or PROXY like Websense, otherwise, test the heck out of SEP before making it production - run it in log-only mode (do not block but DO log in the traffic log).
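
A small Python model of the behaviour this post describes, added here as an illustration and not taken from the post or from SEP: a domain rule that is turned into IP addresses catches unrelated sites on shared CDN addresses, while a check on the hostname itself does not. The DNS table, the IP addresses (documentation ranges), the traffic sample and all function names are constructed assumptions.

```python
from fnmatch import fnmatch

# Constructed DNS snapshot using documentation-range IPs; not real answers.
DNS = {
    "www.facebook.com": {"192.0.2.10", "192.0.2.11"},
    "www.symantec.com": {"192.0.2.11", "198.51.100.7"},
    "www.walmart.com": {"192.0.2.10"},
    "intranet.example": {"203.0.113.5"},
}
BLOCK_PATTERNS = ["*.facebook.com"]

def name_blocked(host, patterns=BLOCK_PATTERNS):
    """Verdict taken from the hostname itself, as a name-matching filter sees it."""
    return any(fnmatch(host, p) for p in patterns)

def resolved_blocklist(dns=DNS, patterns=BLOCK_PATTERNS):
    """IP set a resolve-then-block rule ends up holding for the patterns."""
    ips = set()
    for host, addrs in dns.items():
        if name_blocked(host, patterns):
            ips |= addrs
    return ips

def collateral(dns=DNS, patterns=BLOCK_PATTERNS):
    """Hosts no rule names that still share an address with a blocked host."""
    blocked = resolved_blocklist(dns, patterns)
    return {h: sorted(a & blocked) for h, a in dns.items()
            if not name_blocked(h, patterns) and a & blocked}

def log_only_report(traffic, dns=DNS, patterns=BLOCK_PATTERNS):
    """Log-only pass: label each (host, ip) connection, drop nothing."""
    blocked = resolved_blocklist(dns, patterns)
    report = []
    for host, ip in traffic:
        if ip not in blocked:
            verdict = "allow"
        elif name_blocked(host, patterns):
            verdict = "would-block"
        else:
            verdict = "would-block-COLLATERAL"
        report.append((host, ip, verdict))
    return report

if __name__ == "__main__":
    # Constructed traffic sample: the same site is hit or missed depending on the answer it got.
    sample = [("www.facebook.com", "192.0.2.10"), ("www.symantec.com", "192.0.2.11"),
              ("www.symantec.com", "198.51.100.7"), ("intranet.example", "203.0.113.5")]
    for row in log_only_report(sample):
        print(*row)
```

Running the report over a real log-only traffic export before enabling blocking shows which rules would produce collateral hits; the second symantec.com row shows why such blocks look intermittent when addresses float.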