neat stuff...!!! 
easy to understand ..thank u .. for making SEp simpler 

i send you an email with a problem i have if you can help me
thanks.

Did you test it having the browser configured to use a proxy? Just curious if SEP Firewall sees the destination as the proxy ip, or the website dns name... 
Also, can we display a notification for the user if the rule blocks the website?

This method does not work if used Microsoft Firewall Client fo ISA Server :(
 

Good article.

I wish to know if you can block with SEP Firewall all messenger programs? (Windows Live Messenger, Skype, Yahoo! Messenger, ICQ, etc.)

Thanks

Yes you can block messengers.

This is just an example. You can use it to block any website.

thanks for update good video

Hi Mudit, just a few comments

1 .- with that configuration, how do you make sure you are protecting the host from incoming connections from the hosts your enabled?  its clear you are getting access to symmantec. but how do you prevent an incomming connection to the host from the allowed site?

lets say you want to allow the host to get access to every internet site. how will you be protecting the host from the external incomming connections? if you can't achieve that the firewall has no purpouse

2.- On the Demo you use the host IP in the source section to identify the host, then you applied the ruleset over all the groups. obviously the ruleset will only be applicable to the host that has the IP you specified but the rest of the hosts will not be covered.

Lets say you have 2000 Computers and you want a granular rule to allow every single host to get access to symantec, isn't possible specify "localhost" to build the rule?

I really appreciate your kind response

I had follow the video ,but it is not working in my case . Iam using SEPM 12.1& trying to block google

Dear All,

I try the same steps to block all web sites and allow only one (ex: *.symantec.com), but it didn't work.

please note that i have ISA server 2004, i think i should do some changes into symantec policy to work correctly.

any help please.

When  you say ISA Server, does that mean SEPM is installed on the same machine where you have ISA?

I am in the porcess of testing this, will send you email once I am done.

No, it installed on different machine.

but the firewall client for ISA already installed on my test pc.

best Regards.

Fares Istaitieh

I have setup firewall rules to block some websites on my network. When a user tries to visit one of the blocked website the user eventually get a message that "The connection has timed out" is it possible to display a message or redirect them to a page that informs the user that the page has been blocked by the administrator?

Involved time to read the many comments, however really enjoyed your content. It became Very beneficial for me and i'm sure to the many commenters here! It’s always nice when you can actually not simply be informed, but this articles is advisable <a href="http://www.sanjoseairconditioningandheating.info" target="_blank">San Jose Air Conditioning</a>

For a Newbie, We're always searching online for articles that will help me. Thanks a lot <a href="http://www.locksmith-sandiego.info" target="_blank">Locksmith San Diego</a>

Hey great blog! Man . Beautiful . Amazing . I'll bookmark your blog site and grab the feeds also. <a href="http://www.sunnyvaleelectrical.us" target="_blank">Sunnyvale Electrical</a>

Hello could I quote a few of the insight out of this entry if I link to you? <a href="http://www.sandiegoelectrician.me" target="_blank">San Diego Electrician</a>

Your article contains some worthy information that we guess might help number of people. <a href="http://www.sanjoseelectrical.me" target="_blank">San Jose Electrical</a>

Nice Video !!!

That's a nice little product. However, I am doubtful if it will actually block all the sites. Firewall protection is just a small part of the package. You need a complete parental control application. A month ago, I discovered Qustodio from http://www.qustodio.com. Its free and based on content, it blocks sites automatically in real time, tracks data, and also monitors the activities kids engage in on social media sites. I think the best feature such a software can provide is the inability of the kids to play with its features. very cool!

Hello,

nice article, but actually it doesnt work when you have a proxy in place. I have tried it as well and the client always sees the proxy instead of the remote website.

What might be helpful is a custom IPS signature to deny the connection based on the website, but be careful that you dont block the full proxy system for all sites...

cheers toby

so, no one say,

you cant do this if you have a isa server 2004?

i do this with sepm 12.1 and nothing happens

Nice Demonstration... Thanks.

I am facing peculiar problem with Symantec End point protection installed systems.

We develop Client-Server software where in the data communication happens through .Net Web Services.

Sometimes Client application fails to communicate with Server Web services due to some block in the communication.

If we saw IIS logs, we won’t see that web service call.

This issue we are facing in some specific systems where SYMANTEC antivirus is installed.

Is there any way to exclude the blocking of this web services?

Our web service communication URL link looks like http://10.0.100.19/ABC_Web/wstest.aspx

Please suggest….

Hi,

If I go through your comment it says "We develop Client-Server software where in the data communication happens through .Net Web Services"

Is it your inhouse developed application? if yes could you please create exception for the same software under SEPM exception policy.

Also please see SEP clients logs & try to find out which rule is blocking an application.

Thanks for so detailed video.

We have SEP V 11.0.6200.754 installed on our machines. How can we block specific websites from SEP using Network Threat Protection on individual's machines.

HI,

Mudit - Its a good video :)

Can anybody help me in how to allow all https sites and block http sites in SEPM 11.0

nice mudit.