Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to block Proxy address using SEPM 12 RU2

Created: 13 Feb 2013 • Updated: 14 Feb 2013 | 4 comments
This issue has been solved. See solution.

Hello,

I have been given two proxies to see whether it can be blocked through SEPM 12 RU2. How to block this? I understand we can block websites using Firewall rule, but what about proxies:

Pro.matt1.net:9999

96.239.90.60:8164

Comments 4 CommentsJump to latest comment

.Brian's picture

Do you want to block the ports? 9999 and 8164 only or do you want to block by the IP and hostname?

You can create a firewall rule to block those remote ports or even by the hostname and specific IP address you listed

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

RSASKA's picture

Well, I'd like to block both the IP and hostname.

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

.Brian's picture

This should work for hostname and IP:

Blocking a Website using Symantec Endpoint Protection

Article:TECH92405  |  Created: 2009-01-16  |  Updated: 2012-08-22  |  Article URL http://www.symantec.com/docs/TECH92405

 Once you create the rule for the hostname, do the same steps for IP just select "IP address" instead of DNS domain

Go into your FW policy

Select Add Rule and give it a name

Select Block connection

Apply to all applications

Select "only the computers and sites listed below"

Click Add

Select DNS Domain (than select IP address to block by IP after click OK and ADD again

Leave radio button to block al types of communication

Select if you want to log or not

Click Finish and move to top

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Ashish-Sharma's picture

Check this also

The above configuration can be done by creating only 2 firewall rules. Please follow the below steps to configure the rules.

1. Go to Firewall policy > Rules.

2. Click on Add Rule button. Select Host > Next > From Address Type drop down menu select DNS domain.

3. Select DNS Domain as *.* then Click Next > Click Finish.

4. Once the rule is created, highlight the New Rule. Go to Service column, right click and edit, then select Add. The rule will be TCP, Source/destination with remote port 80,443 click ok and ok again. Then go to Action column and make it set to "Block".

The above rule is to block all the websites. To create a rule to allow only selected websites, please follow the steps below.

1. Go to firewall policy> Rules.

2. Click on Add Rule. Select Host > Next > From Address Type drop down menu select DNS domain.

3. Enter DNS Domain as *.*symantec*.* This is an example which means all the urls related to symantec will be allowed.

4. Click Next > Click Finish. Multiple websites can be added to the same rule.

5. Once the rule is created, highlight the new rule. Go to Action column and make it to Allow.

Note: Place the "Allow" rule on top of "Block" rule.

Assign the policy to the required group. This will allow only the selected website and block all other website.

Thanks In Advance

Ashish Sharma