search cancel

Website blocking using SEP Firewall doesn't work when a Proxy is used.

book

Article ID: 163438

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Without proxy settings in browser SEP can block web sites as per firewall rule but if traffic is routed through proxy server then sites are Allowed/block as per proxy settings.

Cause

This is because SEP firewall is host based firewall and SEP is not proxy aware.  

Firewall looks at the DNS query for the website that we're trying to block and then blocks the website per the rule. However since the proxy server is configured, the DNS lookup does not happen and the website is allowed by the firewall.

To confirm, perform a DNS lookup on the client machine when the proxy is enabled/disabled to check what IP is resolved for target website. 
If the resolved IPs are identical in the both scenarios, then SEP client will fail to match the rule because when the proxy is enabled, source address of incoming IP packets will be replaced with proxy's IP address.

Resolution

If there is proxy and SEP firewall both in place, Traffic will be routed as per the proxy firewall settings.

If proxy server is not in place use SEP firewall to block web sites.