Endpoint Protection

 View Only

  • 1.  Is it possible to block categories of certain web site?

    Posted Dec 14, 2009 02:11 PM
    1. Porn
    2. Streaming
    3. Social Networking

    I just did this to test with Facebook, and it did not work.  Not sure what I did wrong. I do not want to do this one by one, I would like to be able to block categorically. Is this possible?

    BlockFB.jpg


  • 2.  RE: Is it possible to block categories of certain web site?

    Posted Dec 14, 2009 02:43 PM
    I went to the server where I had the policy assigned and got right through.

    When I tried to type, it won't permit a copy and paste and I can't type spaces in the "variable" content box.


    I am following from these instructions...but instead of Google, I want Facebook blocked.

    http://service1.symantec.com/support/ent-security.nsf/docid/2008070803545448

    Even if can't be done by category, the three big ones I want blocked are
    Myspace
    Facebook
    YouTube


  • 3.  RE: Is it possible to block categories of certain web site?

    Posted Dec 14, 2009 03:06 PM
    As far as blocking categories of sites, you'd probably need to look at something different to do that.  That's a role typically assigned to a firewall-like appliance that sits at the border of your network.

    As far as the SEP rules go, I'd check that NTP is running and that the rule order is set with this rule before other "allow all" style rules.  Otherwise, I'll defer to other members here, as I'm not a heavy user of NTP.


  • 4.  RE: Is it possible to block categories of certain web site?
    Best Answer

    Posted Dec 14, 2009 09:45 PM

    How to block all website and allow only certain websites using Network Threat Protection Firewall rule.

    http://service1.symantec.com/support/ent-security.nsf/docid/2009072816443448


  • 5.  RE: Is it possible to block categories of certain web site?

    Posted Dec 15, 2009 04:52 AM
    Hello Brayn S
    I created a article for how to block web sites via Firewall rule. you can find it in this link. It is works
    https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule
    Thanks
    Fatih


  • 6.  RE: Is it possible to block categories of certain web site?

    Posted Dec 28, 2009 01:33 PM
    If you still want to block using a custom IPS rule, I noticed one immediate problem in the screen shots you posted.  When you edit the signature (the small pop-up window) there is a section called Content and beneath that a section called Applications.  According to the online help you must select (enable) the application that will trigger on this rule.  In your screen shot there is nothing selected (enabled).

    The other thing to check is over on the Clients screen.  Select the group you want to apply the custom IPS rule to, then click on the Policies tab.  Near the top, in the section called Location-independent Policies and Settings, you should see a link for Custom Intrusion Prevention.  In there you have to enable your custom IPS rule.

    Last but not least, after enabling everything on the management server don't forget to do an update on the client so that it pulls down the latest policy before you test.

    Hope this helps,
    Fred