
Allow and Block websites using Symantec Endpoint Protection Firewall

Created: 27 Aug 2010 • Updated: 04 Nov 2010 | 43 comments
Mudit Kumar's picture
+13 13 Votes

This video shows how to Allow and Block websites using Symantec Endpoint Protection Firewall.

Creating Firewall Policy, adding Rule to Allow and Block Websites.

Please Note: 
This video is best viewed in full screen by selecting the square icon in the lower right corner of the video player.
 

43 Comments

la_ripper's picture

Neat stuff...!!!
Easy to understand.. thank you.. for making SEP simpler

Don't forget to mark your thread as 'solved'  or vote with the answer that best helped you!
 

0
Shlomiif's picture

I send you an email with a problem I have, if you can help me.
Thanks.

0
vladimir_amarante's picture

Did you test it having the browser configured to use a proxy? Just curious if SEP Firewall sees the destination as the proxy IP, or the website DNS name...
Also, can we display a notification for the user if the rule blocks the website?

0
Shell's picture

This method does not work if the Microsoft Firewall Client for ISA Server is used :(
 

0
fcoperezhn's picture

Good article.

I wish to know if you can block with SEP Firewall all messenger programs? (Windows Live Messenger, Skype, Yahoo! Messenger, ICQ, etc.)

0
hforman's picture

If you want to block a type of program, you can either do what was in the video, listing all of the sites, but do not restrict to Internet Explorer or Firefox. If you know the type of traffic or ports, you can use other selections in the rules.

0
Mudit Kumar's picture

Thanks

Yes you can block messengers.

Thanks & Regards,
Mudit Kumar
 

0
silverwink's picture

 

Whether an application is blocked or not, self-control comes from within
 
I've been using http://bit.ly/bJwmma (http://www.timedoctor.com/2).
It uses a better procedure than blocking social media sites because it only monitors websites during production hours. People/Employees still have the option to use it for a breather or during breaks, really. Sometimes they use it for work too, in helping reach decisions. For me it's really unnecessary to block websites.
0
Mudit Kumar's picture

This is just an example. You can use it to block any website.

Thanks & Regards,
Mudit Kumar
 

+1
Sumit G's picture

Thanks for the update, good video.

Regards

Sumit G.

0
Route77's picture

Hi Mudit, just a few comments

 

1.- With that configuration, how do you make sure you are protecting the host from incoming connections from the hosts you enabled? It's clear you are getting access to Symantec, but how do you prevent an incoming connection to the host from the allowed site?

Let's say you want to allow the host to get access to every internet site. How will you be protecting the host from the external incoming connections? If you can't achieve that, the firewall has no purpose.

2.- In the demo you use the host IP in the source section to identify the host, then you applied the ruleset over all the groups. Obviously the ruleset will only be applicable to the host that has the IP you specified, but the rest of the hosts will not be covered.

Let's say you have 2000 computers and you want a granular rule to allow every single host to get access to Symantec. Isn't it possible to specify "localhost" to build the rule?

I really appreciate your kind response

 

0
SKP's picture

I followed the video, but it is not working in my case. I am using SEPM 12.1 & trying to block Google.

0
f.istaitieh's picture

Dear All,

I tried the same steps to block all web sites and allow only one (ex: *.symantec.com), but it didn't work.

Please note that I have ISA Server 2004; I think I should make some changes to the Symantec policy for it to work correctly.

 

Any help, please.

 

 

0
Mudit Kumar's picture

When you say ISA Server, does that mean SEPM is installed on the same machine where you have ISA?

I am in the process of testing this, will send you an email once I am done.

Thanks & Regards,
Mudit Kumar
 

0
f.istaitieh's picture

No, it is installed on a different machine.

But the firewall client for ISA is already installed on my test PC.

Best Regards.

Fares Istaitieh

0
Airesz's picture

I have set up firewall rules to block some websites on my network. When a user tries to visit one of the blocked websites, the user eventually gets a message that "The connection has timed out". Is it possible to display a message or redirect them to a page that informs the user that the page has been blocked by the administrator?

0
Chetan Savade's picture

Nice Video !!!

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0
alicedi's picture

That's a nice little product. However, I am doubtful if it will actually block all the sites. Firewall protection is just a small part of the package. You need a complete parental control application. A month ago, I discovered Qustodio from http://www.qustodio.com. It's free and, based on content, it blocks sites automatically in real time, tracks data, and also monitors the activities kids engage in on social media sites. I think the best feature such software can provide is the inability of the kids to play with its features. Very cool!

0
toby's picture

Hello,

Nice article, but actually it doesn't work when you have a proxy in place. I have tried it as well and the client always sees the proxy instead of the remote website.

What might be helpful is a custom IPS signature to deny the connection based on the website, but be careful that you don't block the full proxy system for all sites...

Cheers, toby

 

------------------------------------------------------------------

Best regards!

toby

CISSP / STS / MCP 

0
ticmirex's picture

So, no one says

you can't do this if you have an ISA Server 2004?

I do this with SEPM 12.1 and nothing happens.

0
balajimr4u's picture

 

Nice Demonstration... Thanks.

 

I am facing a peculiar problem with Symantec End point protection installed systems.

We develop Client-Server software wherein the data communication happens through .Net Web Services.

Sometimes the Client application fails to communicate with the Server Web services due to some block in the communication.

If we check the IIS logs, we won't see that web service call.

We are facing this issue on some specific systems where SYMANTEC antivirus is installed.

Is there any way to exclude these web services from blocking?

 

Our web service communication URL link looks like http://10.0.100.19/ABC_Web/wstest.aspx

 

Please suggest….

 

0
Chetan Savade's picture

Hi,

If I go through your comment, it says "We develop Client-Server software where in the data communication happens through .Net Web Services"

Is it your in-house developed application? If yes, could you please create an exception for the same software under the SEPM exception policy.

Also, please see the SEP client logs & try to find out which rule is blocking the application.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

+1
deepu43's picture

Thanks for such a detailed video.

We have SEP V 11.0.6200.754 installed on our machines. How can we block specific websites from SEP using Network Threat Protection on individuals' machines?

 

 

+1
Ashish-Sharma's picture

Hi,

How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients
 
 
How to block all website and allow only certain websites using Network Threat Protection Firewall rule.
 

Thanks In Advance

Ashish Sharma

 

 

0
deepu43's picture

Hi Ashish,

Thanks for the reply. I went through the link below but I did not get the option to put DNS Domain under Host:

http://www.symantec.com/docs/TECH95248

See the screenshot below.

0
Chetan Savade's picture

Hi Deepu,

As per attached screenshot it seems that you are trying to make changes on the SEP client not on the SEPM.

You should create a rule on the SEPM and apply it to single or multiple groups.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0
deepu43's picture

Thank you very much Chetan.

Last question - Can't we do it from SEP Client instead of SEPM?

0
Chetan Savade's picture

Hi,

We can create a firewall rule on SEP clients as well, but with limitations.

Generally it's assigned through the SEPM console.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0
babjee's picture

Mudit - It's a good video :)

 

0
sudiptodas06's picture

Can anybody help me with how to allow all HTTPS sites and block HTTP sites in SEPM 11.0?

 

0
Chetan Savade's picture

Hi,

Could you please specify detailed requirements?

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0
Suneel's picture

Nice, Mudit.

 

Suneel Kumar
Technical Support Engineer, Endpoint Security

0
Suneel's picture

 

Problem

You want to create firewall rules to block all but specified web sites.

 

Solution

This can be achieved by using firewall rules. 

For example, if you want to allow www.symantec.com (or some other website) but want to block all other web sites, you can accomplish this by creating two custom rules:

The "Allow Symantec" Rule

  1. In the Symantec Endpoint Protection Manager (SEPM) console, under the Clients view, select the Group where you want to apply this policy.
  2. Select Policies tab on right side.
  3. Double-click the Firewall policy and select Edit Shared when prompted.
  4. In the Firewall Policy window select Rules.
  5. Click the Add Blank Rule button. A blank rule is added to the list.
  6. Change the name of new rule to (for example) "Allow Symantec", and then select the appropriate Severity.
  7. Double-click in the Application cell to invoke the Application List dialog box.
  8. Select Add to invoke the Add Application dialog box and enter iexplore.exe (or firefox.exe) to allow Internet Explorer (or Firefox) to go to symantec.com.
  9. Click OK twice to return to the firewall policy window.
  10. Double-click the Host cell to invoke the Host List dialog box.
  11. With the Source/Destination option enabled, click Add from the Source section and enter the IP address or IP range of the computers to be allowed.
  12. From the Destination section, click Add, select DNS Domain from the Type drop-down list and enter *.symantec.com. Click OK twice again to return to the Firewall Policy window.
  13. Leave Service at Any and select Action to Allow.
  14. You may also enable logging by selecting Write to Traffic log from the Logging column.

The "Block All Websites" Rule

  1. In the Symantec Endpoint Protection Manager (SEPM) console, under the Clients view, select the Group where you want to apply this policy.
  2. Select Policies tab on right side.
  3. Double-click the Firewall policy and select Edit Shared when prompted.
  4. In the Firewall Policy window select Rules.
  5. Click the Add Blank Rule button. A blank rule is added to the list.
  6. Change the name of new rule to (for example) "Block All Websites", then select the appropriate Severity.
  7. Double-click in the Application cell to invoke the Application List dialog box.
  8. Click the Add button and enter iexplore.exe (or firefox.exe) to block Internet Explorer (or Firefox) traffic to any website.
  9. Click OK twice to return to the Firewall Policy window.
  10. Double-click in the Host cell to invoke the Host List dialog box. Ensure that Source/Destination is enabled and click Add to enter the source and IP address or IP range of the computers to be blocked.
  11. Under Destination click Add and select DNS Domain from the Type drop-down list.
  12. Enter an asterisk (*).
  13. Click OK twice again to return to the Firewall Policy window.
  14. Leave Service at Any and select an Action of Block.
  15. You may also enable logging by selecting Write to Traffic log at Logging column.

Once your rules are in place, move the "Allow Symantec" rule to the top of the rule list and the "Block All Websites" rule to the number two position. 

You may need to clear the DNS cache. To do so, go to the Command prompt and type "ipconfig /flushdns" (without the quotation marks). 

NOTE: The "Block All Websites" rule may also block some URLs from the allowed website as some web pages connect to other web pages from different domains to show advertisements or other content. However, you can always monitor the Traffic logs and allow those URLs too.

 

 

Suneel Kumar
Technical Support Engineer, Endpoint Security

0
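The two-rule setup from the post above, together with the proxy behaviour toby reports earlier in the thread, as an added example (not part of the original posts and not Symantec's code). It is a simplified first-match model: the wildcard matching, the `default` action when no rule matches, and every host name other than symantec.com are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed rule list mirroring the post's two rules, in the order it prescribes.
RULES = [
    {"name": "Allow Symantec", "app": "iexplore.exe",
     "domain": "*.symantec.com", "action": "allow"},
    {"name": "Block All Websites", "app": "iexplore.exe",
     "domain": "*", "action": "block"},
]

def evaluate(rules, app, dest_host, default="allow"):
    """First matching rule wins. fnmatch-style wildcards and `default` are
    assumptions of this model, not SEP's documented behaviour."""
    for rule in rules:
        if (rule["app"].lower() == app.lower()
                and fnmatchcase(dest_host.lower(), rule["domain"])):
            return rule["action"], rule["name"]
    return default, None

def seen_destination(site_host, proxy_host=None):
    """With a browser proxy configured, the endpoint connects to the proxy."""
    return proxy_host if proxy_host else site_host

def blocked_hosts(rules, app, hosts, proxy_host=None):
    """Traffic-log style review: which sites of a page load ended up blocked."""
    blocked = []
    for host in hosts:
        action, _ = evaluate(rules, app, seen_destination(host, proxy_host))
        if action == "block" and host not in blocked:
            blocked.append(host)
    return blocked

# Constructed page load: the allowed site plus third-party content hosts.
PAGE_LOAD = ["www.symantec.com", "cdn.example.net", "ads.example.org"]

if __name__ == "__main__":
    print(evaluate(RULES, "iexplore.exe", "www.symantec.com"))
    print(evaluate(list(reversed(RULES)), "iexplore.exe", "www.symantec.com"))
    print(evaluate(RULES, "chrome.exe", "www.example.com"))
    print(blocked_hosts(RULES, "iexplore.exe", PAGE_LOAD))
    print(blocked_hosts(RULES, "iexplore.exe", PAGE_LOAD, "proxy.corp.example"))
```

The third call shows the coverage gap of application-scoped rules (an unlisted browser matches neither rule), and the last shows why the allow rule never fires behind a proxy: every destination is the proxy, so only the `*` block rule matches.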
boylambing's picture

Hi,

I can allow and block websites using SEPM (example: allow *.google.com and block *.all websites), but can't download the attachment from Gmail.

0
JohnEek's picture

Hi Mudit,

Are the features illustrated by you available in Symantec Endpoint Protection Small Business 2013? Thank you.

 

Regards,

John

0
Chetan Savade's picture

Hi,

Thank you for posting in the Symantec community.

I am not part of the Small Business 2013 group; however, I can confirm it for you.

I believe this feature should be available in Small Business 2013.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

+1
Chetan Savade's picture

Hi,

In Small Business Edition you will have to choose either the cloud-managed service or the on-premises service.

On-premises service means installing SEPM locally on the system. With this you will get all the features which are in SBE 12.1.

The cloud-managed service has a different GUI and will have limited options compared to the on-premises service.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

+1
JohnEek's picture

Hi,

 

So what you mean is we actually have the option to host the small business edition offline or online? And the same package can actually enjoy all the config features available from SEP 12 through the local management console but limited features through the online management console?

 

Regards,

John

0
Chetan Savade's picture

Hi John,

You are absolutely correct. 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

+1
samer09's picture

Hi Dear,

First, how can I block depending on category? Secondly, I have a problem when I make this policy, because some websites like Google don't work, and the website I want to block still works in Firefox after I added Firefox to the application list. Kindly, I would be so happy if you can help me with this topic.

 

 

Regards,

Samer

0
Andrew Stingray's picture

We've been using Symantec technologies, but like it more as an outstanding antivirus package.
Regarding the web filtering software, we needed to make some kind of flexible rules for users, to give them about 15min of personal web surfing in working hours and unlimited web surfing during the breaks. So, we needed a program that will analyze the time spent in the browser and work through the network. The EfficientLab solution (http://www.workexaminer.com) was one we liked most (tracks browser time, shows a web timer to the user, allows various rules based on time, url, content, etc.), and it had no issues with Symantec.

0
Chetan Savade's picture

Thanks for your positive feedback.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

0