The SEP client firewall cannot function as a proxy; however, it can be used to block traffic to/from specific DNS names if properly configured.
It is highly recommended to use another method, such as a proxy server and/or a DNS security service, to provide Web filtering. Using the SEP client firewall to block Web sites has the following limitations:
- This method requires blocking a DNS name, and will not function with specific URLs
- Web sites accessed through an HTTP/S proxy will not be blocked by this method
- Traffic sent directly to an IP address without generating a DNS lookup will not be blocked
- Reverse DNS lookup must be enabled in the SEP client firewall
- SEP client firewall Reverse DNS lookups do not work with encrypted DNS services
- Depending on configurations, Web traffic sent through a VPN tunnel may not be blocked
To create a DNS name based firewall rule:
- Open the Symantec Endpoint Protection Manager (SEPM) Console
- Click Policies > Firewall
- Edit the existing Firewall Policy
- Click Rules
- Right-click Rule Number 2 and select Add a Blank Rule
- Right-click under Action and set it to Block
- Right-click on the Host and select Edit
- Under "Specify host names or addresses of computers that trigger the rule", select Source/Destination
- Under Remote, click Add; under Type, select DNS domain
- Under DNS Domain, type the name of the Web site, e.g. *.example.com, or a URL-like entry such as https://www.example.com if you do not wish to block the complete Web site
- Click OK and close the Host List Window
- Click OK and close the Firewall Policy Window
- Assign the policy to the desired group
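
One way to check the rule from a Windows client in the target group once the policy has been applied. This is an added example, not part of the original article or of Symantec's tooling; the host names, the control name and the port are constructed sample values to replace with your own.

```powershell
# Constructed sample values: use the DNS names entered in the firewall rule.
$BlockedNames = @('www.example.com', 'shop.example.com')
# A name that is NOT in the rule, used to prove the client has connectivity.
$ControlName  = 'www.example.org'
$Port         = 443

# Limitation from the article: sites reached through an HTTP/S proxy are not
# blocked by this method, so flag a user-level proxy before trusting results.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) {
    Write-Warning "User proxy enabled ($($inet.ProxyServer)): browser traffic will not be matched by the DNS-name rule."
}

function Test-Name {
    param([string]$Name, [int]$Port)
    # The rule depends on a DNS lookup, so record whether the name resolves.
    $dns = Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue
    $tcp = Test-NetConnection -ComputerName $Name -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Name         = $Name
        Resolved     = [bool]$dns
        TcpConnected = [bool]$tcp.TcpTestSucceeded
    }
}

$control = Test-Name -Name $ControlName -Port $Port
if (-not $control.TcpConnected) {
    Write-Warning "Control name $ControlName is unreachable; failures below do not prove the rule is working."
}

$results = foreach ($name in $BlockedNames) {
    $r = Test-Name -Name $name -Port $Port
    $verdict = if ($r.TcpConnected) { 'NOT BLOCKED' }
               elseif ($control.TcpConnected) { 'blocked' }
               else { 'inconclusive' }
    $r | Add-Member -NotePropertyName Verdict -NotePropertyValue $verdict -PassThru
}

$results | Format-Table -AutoSize
```

A `NOT BLOCKED` verdict means the policy has not reached the client or the entry does not match the name being requested; check the limitations listed above before changing the rule.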