Endpoint Protection

  • 1.  How many IPs or URLs can we block on Symantec Endpoint Protection FW?

    Posted Oct 22, 2018 12:43 PM

    Hi all, have any of you observed a relation between the number of FW rules on the Symantec Endpoint Protection FW component and latency when browsing and downloading files? In other words, if you blocked 100 IPs on the FW on client A and 1000 IPs on client B, will there be any difference in using the network from the two clients?



  • 2.  RE: How many IPs or URLs can we block on Symantec Endpoint Protection FW?

    Posted Oct 22, 2018 01:48 PM

    There isn't a hard-coded limit; however, as you've seen, the more rules/triggers there are, the more chance there is of a processing lag.



  • 3.  RE: How many IPs or URLs can we block on Symantec Endpoint Protection FW?

    Posted Oct 23, 2018 06:01 AM

    Hi Ahmed,

    Thanks for the post.  Attempting to manually block every bad IP address or URL is an impossible battle: there are too many of them and they change too frequently.  I usually recommend blocking those associated with an ongoing malware infection in order to prevent C&C/new downloads, but building a permanent list of hundreds or thousands is not the best approach.  Rely upon IPS to detect and block malicious traffic.

    Hope this helps!