Endpoint Protection

  • 1.  Internet Block

    Posted Aug 26, 2009 04:32 AM
    Hello everybody.
    I need help with the firewall. This is very simple, but I couldn't do it.
    In one of my locations, one client connects to the internet. I want to block his internet with SEP.
    We have an ADSL modem there and its IP address is 10.0.19.19. This client is on the same switch as the modem, therefore he can connect to the internet.
    I did it like this, but it doesn't work.
    In the firewall I created a new rule:
    chose Network Service, chose all services, changed the application to iexplorer.exe and chose the action Block.
    It doesn't work.
    Then I made another rule like this:
    Create new rule,
    chose Host, address type is IP address and the IP address is 10.0.19.19, and the action is Block.
    When I did it like this, the user cannot ping 10.0.19.19, but he can still connect to the internet.
    At last I created another rule:
    chose Host, chose Domain and wrote there
    *.*.com
    *.*.com.tr
    *.*.net
    *.*.biz
    etc.
    But I couldn't try this rule yet.
    I think there must be another simple rule for this problem.
    What should I do?
    Thank you so much.
    Have a nice day.


  • 2.  RE: Internet Block

    Posted Aug 26, 2009 04:42 AM
    Check if Network Threat Protection is installed on the client (I know it's stupid, but it's always good to check :) )

    Check if you have placed the rule at the top of the rules list in the Firewall policy.

    Make sure that the client got the policy.


    Can you confirm and let me know, so that we can go further :)

    Good Day



  • 3.  RE: Internet Block

    Posted Aug 26, 2009 04:49 AM
    You made one error in your rule: if you added iexplorer.exe to be blocked, it should be iexplore.exe, which is not the same. Check again that you wrote the correct application. However, this method of blocking the user from the internet is not very good, since there are many other ways to access the internet if you block only one application.




  • 4.  RE: Internet Block

    Posted Aug 26, 2009 05:01 AM
    Well, I found the following related forums and articles; following them you should be able to resolve the issue. Please go through them.

    https://www-secure.symantec.com/connect/forums/dns-domain-firewall-rules-not-blocking-traffic 

    https://www-secure.symantec.com/connect/forums/block-website-through-firewall 

    How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6e23ee65720a6667ca25754d001a0b2b?OpenDocument


    Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121714495348




  • 5.  RE: Internet Block

    Posted Aug 26, 2009 05:13 AM
    @maximilian
    Hello. I wrote it wrong. I understood what you meant. I blocked iexplore.exe, not explorer.exe :) If I blocked explorer.exe he could not see his desktop.
    Yes, you are exactly right, he can use Firefox, Google, etc., but it is enough for me for now.
    @Rafeeq
    Hello. Yes, you are right. I checked: Network Threat Protection is installed on his machine. On the SEP Manager I saw that the firewall is enabled too.
    My firewall rule is at the top.
    I am sure the client has got the policy too.
    There must be another simple way :(


  • 6.  RE: Internet Block

    Posted Aug 26, 2009 05:31 AM
    Thank you for the reply, but I know how to block a web site. I want to block all internet traffic.
    Maybe I should close port 80, but I don't know how to block port 80 with a firewall rule.


  • 7.  RE: Internet Block

    Posted Aug 26, 2009 06:26 AM
    Go through this forum; it's on 'blocking ports':

    https://www-secure.symantec.com/connect/forums/need-help-configuring-firewall-ports-sepm-11 


    An example rule to Block Web traffic.

    Application = Any [so that it applies to all applications, and not just iexplore or firefox]
    Service = HTTP/HTTPS 
    Action=Block   
    Adapter=all
    Host = the IP of the host

    You can specify the port or service to block under 'Service' in the firewall rules.

    Service: Specifies the services that trigger the rule.

    Typically, specific types of services occur on specific ports. For example, Web traffic (HTTP and HTTPS) generally occurs on ports 80 and 443. The Service list enables you to group multiple ports together.

    You can select a service from the list, or you can define additional services. You can add any of following ports and protocols:

    • TCP
    • UDP
    • ICMP
    • IP
    • Ethernet

    You can apply the rule to inbound network traffic, outbound network traffic, or network traffic in both directions.

    source: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008032011023248




  • 8.  RE: Internet Block

    Broadcom Employee
    Posted Aug 26, 2009 08:55 AM
    Put the rule at the top of the firewall policy to be applied, add the Service section, check HTTP (TCP 80 and 443) and set the action to Block.

    By doing this the client machine (the policy is applied to the group) will not connect to port 80 and 443 (remote).


  • 9.  RE: Internet Block

    Posted Aug 26, 2009 09:30 AM
    Hi everybody. The client computer has a problem right now and I cannot connect to it. When I fix this problem I will try it and answer here.
    Thank you


  • 10.  RE: Internet Block

    Posted Aug 26, 2009 09:40 AM
    Well, hope your SEPM is not installed on port 80 :-)
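The thread's three attempts (block one application, block the modem's IP, block HTTP/HTTPS for any application) and the two warnings from the replies (put the rule at the top; watch out for the SEPM port) all come down to how an ordered, first-match rule list sees each packet. The following simulation is an added example written for this page, not code from the thread or from Symantec. It models the SEP rule fields named in the posts (application, protocol, service ports, destination host) and runs the constructed traffic of a restricted client through each rule set. The modem address 10.0.19.19 is from the first post; the remote web server, the management server address, the client process names and the SEPM port 80 (the worst case raised in the last reply) are assumptions.

```python
"""First-match simulation of the SEP firewall rules discussed in this thread.

Added example, not code from the thread or from Symantec. The rule model
(application, protocol, destination ports, destination hosts; first match
wins) is a simplification of the SEP rule fields named in the posts.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """One outbound connection attempt as the client firewall sees it."""
    app: str                 # local process name, e.g. "iexplore.exe"
    proto: str               # "tcp", "udp" or "icmp"
    dst_ip: str              # destination address in the packet header
    dst_port: Optional[int]  # None for ICMP


@dataclass(frozen=True)
class Rule:
    """A simplified firewall rule; None or an empty set means 'any'."""
    name: str
    action: str                          # "allow" or "block"
    app: Optional[str] = None            # matched case-insensitively
    proto: Optional[str] = None
    ports: FrozenSet[int] = frozenset()  # destination ports
    hosts: FrozenSet[str] = frozenset()  # destination addresses

    def matches(self, pkt: Packet) -> bool:
        if self.app is not None and self.app.lower() != pkt.app.lower():
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.ports and pkt.dst_port not in self.ports:
            return False
        if self.hosts and pkt.dst_ip not in self.hosts:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet,
             default: str = "allow") -> Tuple[str, str]:
    """Walk the ordered list; the first matching rule decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.name, rule.action
    return "default", default


# Addresses: the modem is from the thread; the rest are constructed.
GATEWAY = "10.0.19.19"       # the ADSL modem named in the first post
WEB_SERVER = "203.0.113.10"  # constructed remote web server (TEST-NET-3)
SEPM = "10.0.19.5"           # assumed management server address
SEPM_PORT = 80               # assumed: the worst case raised in the last reply

# Constructed traffic from the restricted client (process names assumed).
WEB_IE = Packet("iexplore.exe", "tcp", WEB_SERVER, 443)
WEB_FF = Packet("firefox.exe", "tcp", WEB_SERVER, 80)
DNS = Packet("firefox.exe", "udp", WEB_SERVER, 53)
PING_GW = Packet("ping.exe", "icmp", GATEWAY, None)
HEARTBEAT = Packet("smc.exe", "tcp", SEPM, SEPM_PORT)  # client-to-SEPM traffic

# First attempt in the thread: block one browser only.
ATTEMPT_APP_ONLY = [Rule("block iexplore", "block", app="iexplore.exe")]

# Second attempt: block the modem's address. Browsing is addressed to the
# remote server, not to the modem, so only ping to the modem matches.
ATTEMPT_GATEWAY = [Rule("block modem", "block", hosts=frozenset({GATEWAY}))]

# What the later replies suggest: block HTTP/HTTPS for any application,
# with an exception for the management server ordered above it.
RECOMMENDED = [
    Rule("allow SEPM", "allow", proto="tcp",
         ports=frozenset({SEPM_PORT}), hosts=frozenset({SEPM})),
    Rule("block web", "block", proto="tcp", ports=frozenset({80, 443})),
]

# The same two rules reversed: the exception is never reached.
WRONG_ORDER = [RECOMMENDED[1], RECOMMENDED[0]]


def main() -> None:
    cases = [("app only", ATTEMPT_APP_ONLY), ("modem IP", ATTEMPT_GATEWAY),
             ("recommended", RECOMMENDED), ("wrong order", WRONG_ORDER)]
    traffic = [("IE https", WEB_IE), ("Firefox http", WEB_FF),
               ("DNS", DNS), ("ping modem", PING_GW), ("SEPM", HEARTBEAT)]
    for label, rules in cases:
        for name, pkt in traffic:
            rule, action = evaluate(rules, pkt)
            print(f"{label:12} {name:13} {action:5} (by '{rule}')")


if __name__ == "__main__":
    main()
```

Running `main()` prints one verdict per rule set and packet. The "app only" set lets Firefox through, the "modem IP" set blocks ping to the modem but not browsing (the modem only forwards packets whose destination is the remote server), and the "recommended" set blocks both browsers while still allowing the management traffic, but only when the allow rule sits above the block rule. The DNS row is the caveat the original poster ran into from the other side: a rule on TCP 80/443 is a web block, not an "all internet traffic" block, so UDP 53 and any service on other ports still pass; blocking everything would need a rule for any service towards non-local hosts, with the management server and local network excepted above it.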