Allow and Block websites using Symantec Endpoint Protection Firewall

Created: 27 Aug 2010 • Updated: 04 Nov 2010
Mudit Kumar

This video shows how to Allow and Block websites using Symantec Endpoint Protection Firewall.

Creating a Firewall Policy and adding a Rule to Allow and Block Websites.

Please Note: 
This video is best viewed in full screen by selecting the square icon in the lower right corner of the video player.
 


Comments

30 Aug 2010

neat stuff...!!!
easy to understand.. thank you.. for making SEP simpler

Don't forget to mark your thread as 'solved'  or vote with the answer that best helped you!
 

04 Sep 2010

hi mudit

i send you an email with a problem i have if you can help me
thanks.

08 Sep 2010

Did you test it having the browser configured to use a proxy? Just curious if SEP Firewall sees the destination as the proxy ip, or the website dns name... 
Also, can we display a notification for the user if the rule blocks the website?

21 Oct 2010

This method does not work if used Microsoft Firewall Client for ISA Server :(
 

10 Sep 2010

Good article.

I wish to know if you can block with SEP Firewall all messenger programs? (Windows Live Messenger, Skype, Yahoo! Messenger, ICQ, etc.)

27 Dec 2013

If you want to block a type of program you can either do what was in the video listing all of the sites but, do not restrict to Internet Explorer or Firefox. If you know the type of traffic or ports, you can use other selections in the rules.

Mudit Kumar
Technical Support
10 Sep 2010

Thanks

Yes you can block messengers.

Thanks & Regards,
Mudit Kumar
 

29 Sep 2010

Whether an application is blocked or not, self-control comes from within

I've been using http://bit.ly/bJwmma .
It uses a better procedure than blocking social media sites because it only monitors websites during production hours. People/Employees still have the option to use it for a breather or during breaks really. Sometimes they use it for work too in helping reach decisions. For me it's really unnecessary to block websites.

Mudit Kumar
Technical Support
29 Sep 2010

This is just an example. You can use it to block any website.

Thanks & Regards,
Mudit Kumar
 

09 Nov 2010

Thanks

 

Sumit G
Accredited
Certified
22 Sep 2011

thanks for update good video

Regards

Sumit G.

19 Oct 2011

Hi Mudit, just a few comments

1.- With that configuration, how do you make sure you are protecting the host from incoming connections from the hosts you enabled? It's clear you are getting access to Symantec, but how do you prevent an incoming connection to the host from the allowed site?

Let's say you want to allow the host to get access to every internet site. How will you be protecting the host from the external incoming connections? If you can't achieve that the firewall has no purpose.

2.- On the demo you use the host IP in the source section to identify the host, then you applied the ruleset over all the groups. Obviously the ruleset will only be applicable to the host that has the IP you specified but the rest of the hosts will not be covered.

Let's say you have 2000 computers and you want a granular rule to allow every single host to get access to Symantec, isn't it possible to specify "localhost" to build the rule?

I really appreciate your kind response

 

SKP
13 Dec 2011

I had followed the video, but it is not working in my case. I am using SEPM 12.1 & trying to block google

08 Mar 2012

I have Problem...please help.

Dear All,

I try the same steps to block all web sites and allow only one (ex: *.symantec.com), but it didn't work.

please note that i have ISA server 2004, i think i should do some changes into symantec policy to work correctly.

 

any help please.

 

 

Mudit Kumar
Technical Support
08 Mar 2012

When you say ISA Server, does that mean SEPM is installed on the same machine where you have ISA?

I am in the process of testing this, will send you email once I am done.

Thanks & Regards,
Mudit Kumar
 

08 Mar 2012

No, it installed on different machine.

but the firewall client for ISA already installed on my test pc.

best Regards.

Fares Istaitieh

08 Apr 2012

I have setup firewall rules to block some websites on my network. When a user tries to visit one of the blocked website the user eventually get a message that "The connection has timed out" is it possible to display a message or redirect them to a page that informs the user that the page has been blocked by the administrator?

Chetan Savade
Technical Support
Accredited
07 May 2012

Nice Video !!!

 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

29 Jul 2012

That's a nice little product. However, I am doubtful if it will actually block all the sites. Firewall protection is just a small part of the package. You need a complete parental control application. A month ago, I discovered Qustodio from http://www.qustodio.com. Its free and based on content, it blocks sites automatically in real time, tracks data, and also monitors the activities kids engage in on social media sites. I think the best feature such a software can provide is the inability of the kids to play with its features. very cool!

toby
Accredited
16 Aug 2012

Hello,

nice article, but actually it doesn't work when you have a proxy in place. I have tried it as well and the client always sees the proxy instead of the remote website.

What might be helpful is a custom IPS signature to deny the connection based on the website, but be careful that you don't block the full proxy system for all sites...

cheers toby

 

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP 

12 Sep 2012

so, no one say,

you cant do this if you have a isa server 2004?

i do this with sepm 12.1 and nothing happens

17 Sep 2012

Nice Demonstration... Thanks.

 

I am facing peculiar problem with Symantec End point protection installed systems.

We develop Client-Server software where in the data communication happens through .Net Web Services.

 

Sometimes Client application fails to communicate with Server Web services due to some block in the communication.

If we saw IIS logs, we won’t see that web service call.

 

This issue we are facing in some specific systems where SYMANTEC antivirus is installed.

 

Is there any way to exclude the blocking of this web services?

 

Our web service communication URL link looks like http://10.0.100.19/ABC_Web/wstest.aspx

 

Please suggest….

 

Chetan Savade
Symantec Employee
Accredited
18 Sep 2012

Hi,

If I go through your comment it says "We develop Client-Server software where in the data communication happens through .Net Web Services"

Is it your inhouse developed application? if yes could you please create exception for the same software under SEPM exception policy.

Also please see SEP clients logs & try to find out which rule is blocking an application.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


12 Oct 2012

Thanks for so detailed video.

We have SEP V 11.0.6200.754 installed on our machines. How can we block specific websites from SEP using Network Threat Protection on individual's machines.

 

 

Ashish-Sharma
Accredited
12 Oct 2012

HI,

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients
 
 
How to block all website and allow only certain websites using Network Threat Protection Firewall rule.
 

Thanks In Advance

Ashish Sharma

 

 

15 Oct 2012

Hi Ashish,

Thanks for reply. I went through below link but I did not get option to put DNS Domain under Host:

http://www.symantec.com/docs/TECH95248

See the screenshot below.

Chetan Savade
Symantec Employee
Accredited
15 Oct 2012

Hi Deepu,

As per attached screenshot it seems that you are trying to make changes on the SEP client not on the SEPM.

You should create a rule on the SEPM and apply it to single or multiple groups.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


16 Oct 2012

Thank you very much Chetan.

Last question - Can't we do it from SEP Client instead of SEPM?

Chetan Savade
Symantec Employee
Accredited
29 Nov 2012

Hi,

We can create firewall rule on SEP clients as well but with limitations.

Generally it's assigned through the SEPM console.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


29 Nov 2012

Mudit - Its a good video :)

 

04 Dec 2012

Can anybody help me in how to allow all https sites and block http sites in SEPM 11.0

 

Chetan Savade
Symantec Employee
Accredited
12 Dec 2012

Hi,

Could you please specify detail requirements?

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


03 Apr 2013

nice mudit.

 

Suneel Kumar
Technical Support Engineer, Endpoint Security

03 Apr 2013

Problem

You want to create firewall rules to block all but specified web sites.

 

Solution

This can be achieved by using firewall rules. 

For example, if you want to allow www.symantec.com (or some other website) but want to block all other web sites, you can accomplish this by creating two custom rules:

The "Allow Symantec" Rule

  1. In the Symantec Endpoint Protection Manager (SEPM) console, under the Clients view, select the Group where you want to apply this policy.
  2. Select Policies tab on right side.
  3. Double-click the Firewall policy and select Edit Shared when prompted.
  4. In the Firewall Policy window select Rules.
  5. Click the Add Blank Rule button. A blank rule is added to the list.
  6. Change the name of new rule to (for example) "Allow Symantec", and then select the appropriate Severity.
  7. Double-click in the Application cell to invoke the Application List dialog box.
  8. Select Add to invoke the Add Application dialog box and enter iexplore.exe (or firefox.exe) to allow Internet Explorer (or Firefox) to go to symantec.com.
  9. Click OK twice to return to the firewall policy window.
  10. Double-click the Host cell to invoke the Host List dialog box.
  11. With the Source/Destination option enabled, click Add from the Source section and enter the IP address or IP range of the computers to be allowed.
  12. From the Destination section, click Add, select DNS Domain from the Type drop-down list and enter *.symantec.com. Click OK twice again to return to the Firewall Policy window.
  13. Leave Service at Any and select Action to Allow.
  14. You may also enable logging by selecting Write to Traffic log from the Logging column.

The "Block All Websites" Rule

  1. In the Symantec Endpoint Protection Manager (SEPM) console, under the Clients view, select the Group where you want to apply this policy.
  2. Select Policies tab on right side.
  3. Double-click the Firewall policy and select to Edit Shared when prompted.
  4. In the Firewall Policy window select Rules.
  5. Click the Add Blank Rule button. A blank rule is added to the list.
  6. Change the name of new rule to (for example) "Block All Websites", then select the appropriate Severity.
  7. Double-click in the Application cell to invoke the Application List dialog box.
  8. Click the Add button and enter iexplore.exe (or firefox.exe) to block Internet Explorer (or Firefox) traffic to any website.
  9. Click OK twice to return to the Firewall Policy window.
  10. Double-click in the Host cell to invoke the Host List dialog box. Ensure that Source/Destination is enabled and click Add to enter the source and IP address or IP range of the computers to be blocked.
  11. Under Destination click Add and select DNS Domain from the Type drop-down list.
  12. Enter an asterisk (*).
  13. Click OK twice again to return to the Firewall Policy window.
  14. Leave Service at Any and select an Action of Block.
  15. You may also enable logging by selecting Write to Traffic log at Logging column.

Once your rules are in place, move the "Allow Symantec" rule to the top of the rule list and the "Block All Websites" rule to the number two position. 

You may need to clear the DNS cache. To do so, go to the Command prompt and type "ipconfig /flushdns" (without the quotation marks). 

NOTE: The "Block All Websites" rule may also block some URLs from the allowed website as some web pages connect to other web pages from different domains to show advertisements or other content. However, you can always monitor the Traffic logs and allow those URLs too.

 

 

Suneel Kumar
Technical Support Engineer, Endpoint Security
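
The two-rule procedure in the post above, and the proxy caveat raised earlier in the thread, as a small Python model (an added example, not Symantec's code and not part of the original post). It assumes top-to-bottom, first-match evaluation and glob-style DNS-domain matching; the rule dictionaries, sample hosts and `proxy.corp.example` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Simplified model (an assumption, not SEP's engine): rules are checked top to
# bottom and the first rule whose application and destination both match wins.
ALLOW_FIRST = [
    {"name": "Allow Symantec", "apps": {"iexplore.exe", "firefox.exe"},
     "dns": "*.symantec.com", "action": "allow"},
    {"name": "Block All Websites", "apps": {"iexplore.exe", "firefox.exe"},
     "dns": "*", "action": "block"},
]
BLOCK_FIRST = list(reversed(ALLOW_FIRST))  # the ordering the post warns against


def evaluate(rules, app, dest_host):
    """Return (action, rule name) for the first matching rule, else no-match."""
    for rule in rules:
        if app.lower() in rule["apps"] and fnmatchcase(dest_host.lower(), rule["dns"]):
            return rule["action"], rule["name"]
    return "no-match", None


def connection_peer(url_host, proxy=None):
    """Host the endpoint actually connects to: the proxy if one is configured."""
    return proxy if proxy else url_host


def audit(rules, flows):
    """Map each constructed flow to the verdict the rule list gives it."""
    return {label: evaluate(rules, app, connection_peer(host, proxy))
            for label, app, host, proxy in flows}


# Constructed sample flows: (label, process, requested host, browser proxy).
FLOWS = [
    ("allowed site", "iexplore.exe", "www.symantec.com", None),
    ("other site", "firefox.exe", "www.example.org", None),
    ("third-party content", "iexplore.exe", "cdn.example.net", None),
    ("unlisted browser", "chrome.exe", "www.example.org", None),
    ("allowed site via proxy", "iexplore.exe", "www.symantec.com",
     "proxy.corp.example"),
]

if __name__ == "__main__":
    for title, rules in (("allow rule on top", ALLOW_FIRST),
                         ("block rule on top", BLOCK_FIRST)):
        print(title)
        for label, verdict in audit(rules, FLOWS).items():
            print(f"  {label:24} -> {verdict}")
```

The `no-match` verdict for `chrome.exe` shows that rules restricted to iexplore.exe and firefox.exe leave other browsers to whatever rules follow in the policy.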

29 May 2013

hi,

i can allow and block website using SEPM (example: allow *.google.com and block *.all websites). but can't download the attachment from gmail.

18 Jun 2013

Hi Mudit,

is the features illustrated by you available in Symantec Endpoint Protection Small Business 2013? Thank you.

 

Regards,

John

Chetan Savade
Symantec Employee
Accredited
19 Jun 2013

Hi,

Thank you for posting in Symantec community.

I am not the part of Small Business 2013 group however I can confirm it for you.

I believe this feature should be available in Small Business 2013.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


Chetan Savade
Symantec Employee
Accredited
27 Jun 2013

Hi,

In Small Business Edition you will have to choose either cloud-managed services or on-premises service.

On-premise service means to install SEPM locally on the system. In this you will get all the feature which are in the SBE 12.1 

Cloud-managed service has different GUI and will have limited options compared to on-premise service.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


02 Jul 2013

Hi,

 

So what you mean is we actually have the option to host the small business edition offline or online? And the same package can actually enjoy all the config features available from SEP 12 through the local management console but limited features through the online management console?

 

Regards,

John

Chetan Savade
Symantec Employee
Accredited
02 Jul 2013

Hi John,

You are absolutely correct. 

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |


06 Oct 2013

Hi Dear,

First how can I make block depending on category, secondly I have a problem when I make this policy because some website like google doesn't work and the website I want to block still works in Firefox after I added Firefox in the application list. Kindly, I am so happy if you can help me in this topic.

 

 

Regards,

Samer

20 Dec 2013

We've been using Symantec technologies, but like it more as an outstanding antivirus package.
Regarding the web filtering software we needed to make some kind of flexible rules for users, to give them about 15min of personal web surfing in working hours and unlimited web surfing during the breaks. So, we needed a program that will analyze the time spent in the browser and work through the network. EfficientLab solution (http://www.workexaminer.com) was one of we liked most (tracks browser time, shows a web timer to the user, allows various rules based on time, url, content, etc..), and it had no issues with Symantec.

Chetan Savade
Symantec Employee
Accredited
20 Dec 2013

Thanks for your positive feedback.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
