Network Access Control

 View Only

  • 1.  Can SEP Network Access Control module be used to restrict internet access?

    Posted Jul 17, 2009 12:11 PM
    Hi All,

    Was just thinking if the Network Access Control module in SEP can be used to restrict internet access, for example, allowing users to access google.com, but deny access to docs.google.com, or any other sub domain?



  • 2.  RE: Can SEP Network Access Control module be used to restrict internet access?
    Best Answer

    Posted Jul 17, 2009 01:03 PM
    SEP..Network Threat Protection--the firewall component itself is capable of doing this job.

    How to Restrict Users to Specific Web Sites by Creating Firewall Rules for Managed Clients

    service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6e23ee65720a6667ca25754d001a0b2b 

    This job can be done via IPS as well but doing through firewall makes work and configuration easier.


  • 3.  RE: Can SEP Network Access Control module be used to restrict internet access?

    Posted Jul 17, 2009 04:07 PM
     As far as I remember SNAC allows you to load the restricted Firewall Policy when a condition meets. In which you can block the sites which you want :-)

    Regards

    Witold


  • 4.  RE: Can SEP Network Access Control module be used to restrict internet access?

    Posted Jul 22, 2009 04:45 PM
    I tried. The problem is, for e.g. I allow google.com but deny access to docs.google.com, but when the user accesses google.com, and is redirected to google.co.in, it should not allow, but the firewall allows the connection.


  • 5.  RE: Can SEP Network Access Control module be used to restrict internet access?

    Posted Jul 22, 2009 05:00 PM
    If I block docs.*.* it only block docs webpage and allows google and all other site.
    If I block docs.google.*
    it blocks only docs webpage and google.com /co.in opens 


  • 6.  RE: Can SEP Network Access Control module be used to restrict internet access?

    Posted Jul 22, 2009 05:33 PM
    Thanks. I will try and let you know.


  • 7.  RE: Can SEP Network Access Control module be used to restrict internet access?

    Posted Jul 28, 2009 03:28 AM
    Hi Jay,

    Can you please update us on your issue..


  • 8.  RE: Can SEP Network Access Control module be used to restrict internet access?

    Posted Aug 11, 2009 02:01 PM
    Dear All,

    I wanted to implemet SNAC but i have a question.

    Suppose you came to my office and you wanted to connect to my network to browse internet & you want to print some document on my network printer.

    Is it posibe In SNAC. So that user can only browse & pint on my network.

    I dont want that he/she can browse my whole network.

    How to Block that remote user to block my network but he can browse internet & print document on my printer.

    Thanks In Advacne

    Shri !!


  • 9.  RE: Can SEP Network Access Control module be used to restrict internet access?

    Posted Aug 11, 2009 02:11 PM
    With SNAC you can configure so that if the requirement fails clients can be either sent to Production VLAN where they will have access to everything or to Remediation VLAN where they will have access to only those things that you will allow.

    So in your remediation VLAN you can configure so that the clients can connect to the internet and access your printer but cannot access other resources in the network...

    And for these remote/ guest users there is one configuration called Agentless/Dissolvable  SNAC Configuration
    read : https://www-secure.symantec.com/connect/forums/snac-agentless-configuration