
How to block Internet?

Created: 12 Jul 2012 • Updated: 16 Jul 2012 | 8 comments
Tuhin Roychowdhury
This issue has been solved. See solution.

Can anyone please tell me how I can block internet for a particular user from SBE?


Sayan

 

Cause

TCP ports 25 and 110 are used by the SEP Internet Email Proxy; its outbound connections will be allowed by the SEP firewall by default.

Solution

1. Click Control Panel - Add/Remove Programs.

2. Click "Symantec Endpoint Protection" - "Change" button and "Next step".

3. Remove all Email protection features, including Microsoft Outlook snapin, Lotus Notes snapin and Internet Email Protection.

4. Click "Next step" to "Finish".

 

Sayan

 

Solution

Warning: Please test all policies in a test environment before deploying them in a production environment.

  1. Log in to the Symantec Endpoint Protection Manager Console
  2. Go to Policies, then go to Firewall
  3. Under "Tasks", click on "Add a Firewall Policy"
  4. Give a name to the firewall policy and write a short description about the role played by the policy (relevant name recommended)
  5. Make sure that the box for "Enable this Policy" is checked
  6. Go to "Rules"
  7. Ensure "Inherit Firewall Rules from Parent Group" is unchecked and click on "Add Rule"
  8. Choose "Block connections" and click "Next"
  9. Choose "Internet Explorer / Firefox / Google Chrome / Opera" and click on "Next"
  10. Click on "The following type of protocols on all ports" and select TCP
  11. Click on "Next"
  12. If you want log entries for the same, select "Yes"
  13. The rule should be on top of the list with severity as Major
  14. In this rule edit the "Host" column, select Local/Remote
  15. In Remote add the IP address of the Proxy Server
    • If you have more than one proxy server, add all the addresses
  16. Click on "Ok"
  17. Assign the policy to a group.

 

Tuhin Roychowdhury

I have an SBE server. Do I need to configure the policy from there?

Ajit Jha

 

You can define how frequently you want a specific location to perform a DNS query. This feature lets you configure one location to query the DNS server more often than other locations.

For example, assume that you have a policy to block all traffic outside of your corporate network except VPN traffic. And assume that your users travel and must access your network through a VPN from a hotel network. You can create a policy for a VPN connection that uses DNS resolution. Symantec Endpoint Protection continues to send the DNS query every 5 seconds until it switches to this location. This way, your users can more quickly access your network.

Caution:

Use caution when you configure this setting to a very low value. You run the possibility of bringing down your DNS server if all of your systems access the server every 5 seconds, for example.

To define DNS queries based on location

  1. In the console, click Clients.

  2. Under Clients, select the group for which the feature applies.

  3. Under Tasks, click Manage Locations.

  4. Ensure DNS Query Loop in is checked.

  5. Click the time setting and increments and modify as desired.

    You can set the value in seconds, minutes, or hours.

    The default value is 30 minutes.

  6. Click OK.

 

Regards

Ajit Jha

Technical Consultant

ASC & STS

Ajit Jha

This is the logic for DNS Query.

Simply block your DNS from a Firewall Rule. It will apply to all the outgoing traffic from your internal network.

Regards

Ajit Jha

Technical Consultant

ASC & STS

Chetan Savade

Hi,

Login to Symantec Endpoint Protection Manager Console

Create new test group in SEPM, move desired user computer to the same group & follow the steps.

1) Click on firewall policy

2) Create new firewall policy

3) Edit newly created firewall policy, select customized the default settings

4) Click on add rule, give specific name, click on next, select block connections

5) Select the only computer listed below, enter computer IP address

6) Select option only the communications selected below

7) Select http port (Port 80, 443)

8) Assign the policy to new group where desired client is located

9) Test the internet connectivity.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.
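For the final "test the internet connectivity" step of the port-based rule above (ports 80 and 443), here is a check that can be run on the client after the policy is applied. It is an added example, not part of the original thread or of Symantec's tooling; the target names and the proxy port 8080 are constructed placeholders to replace with your own.

```powershell
# Added example: verifies from the client that outbound web traffic is blocked.
# Targets are constructed placeholders; the proxy name and port are assumptions.
function Test-OutboundTcp {
    param(
        [Parameter(Mandatory = $true)][string]$Target,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($pending)   # throws if the connection was refused or reset
            return $true
        }
        return $false                      # timed out: packets were silently dropped
    } catch {
        return $false                      # refused, reset, or name could not be resolved
    } finally {
        $client.Close()
    }
}

$checks = @(
    @{ Target = 'www.example.com';        Port = 80   },
    @{ Target = 'www.example.com';        Port = 443  },
    # A rule limited to ports 80/443 does not cover a proxy listening elsewhere.
    @{ Target = 'proxy.example.internal'; Port = 8080 }
)

$results = foreach ($c in $checks) {
    New-Object PSObject -Property @{
        Target    = $c.Target
        Port      = $c.Port
        Reachable = Test-OutboundTcp -Target $c.Target -Port $c.Port
    } | Select-Object Target, Port, Reachable
}
$results | Format-Table -AutoSize

# Any reachable target means the block is incomplete for this client.
$open = @($results | Where-Object { $_.Reachable })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) target(s) still reachable; review the firewall rule."
    exit 1
}
```

This exercises port-based and host-based rules only. A rule that blocks specific browser applications, as in the earlier 17-step procedure, does not apply to the PowerShell process, so confirm that kind of rule from the browser itself.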