Endpoint Protection

Dear Community!

I've got a request recently to block someone's internet access. I've created a new group, copied the default firewall policy and added a blank rule with severity 0 - Critical, that blocks source and destination address of our proxy server, altough the firewall is not blocking it. I'm constantly pinged the address, an all ping gone trough, even when the test client got the new policy. I've set all of the rules to log into the packet log, and saw that the address is allowed by the rule "Allow ping, pong..etc"

The blank rule to block the address is in the first place and as I wrote it's severity is higher than the Allow ping's severity.

Am I missing something or is it a bug?

thanks in advance

the blanck rule should be first and should be enabled.

after this , confirm whether the client has received the policy

The client is received the policy, the rule is first as I wrote earlier, and it is enabled.

It is enabled, its the first as I wrote earlier, and the client received the new policy.

Hi,

Check this article

https://www-secure.symantec.com/connect/articles/how-block-internet-address-sep-manager-firewall-rule

I hope it will help you !!

It works, altough this is a symantec 11.x manager, and the pictures are not the same as in 12.1.

The only thing is: This wizard created an EXACT same rule as I created manually. The manually created rule is not working, the wizard created rule is working. Strange.