Block Web sites with Endpoint Protection

Article ID: 177529

Products: Endpoint Protection

Issue/Introduction

How to block specific Web sites using the Symantec Endpoint Protection (SEP) client Network Threat Protection (NTP) component.

Resolution

The SEP client firewall cannot function as a proxy; however, when properly configured it can block traffic to and from specific DNS names.

Another method, such as a proxy server and/or a DNS security service, is strongly recommended for Web filtering. Using the SEP client firewall to block Web sites has the following limitations:

  • This method requires blocking a DNS name and will not work for specific URLs
  • Web sites accessed through an HTTP/S proxy will not be blocked by this method
  • Traffic sent directly to an IP address, without generating a DNS lookup, will not be blocked
  • Reverse DNS lookup must be enabled in the SEP client firewall
    • SEP client firewall reverse DNS lookups do not work with encrypted DNS services
  • Depending on the configuration, Web traffic sent through a VPN tunnel may not be blocked
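As an added illustration (this is not Symantec's code and does not describe SEP internals), the following Python models the check a DNS-domain rule such as *.symantec.com has to pass before it can block anything: the connection's peer IP must reverse-resolve to a name that matches the pattern. Walking the constructed cases through it shows why each limitation above exists: a peer with no PTR record, a CDN address whose PTR names another domain, a connection whose TCP peer is the proxy rather than the site, and a client with reverse DNS lookup disabled all fall through to "allow". The PTR table, the IP addresses and the plain glob-matching semantics are assumptions; live_reverse_lookup shows the same check against the real resolver if you want to audit a rule for a site you actually plan to block.

```python
"""Model of DNS-domain firewall rule evaluation (added example, not SEP code).

Assumed behaviour: the client reverse-resolves the remote IP of a connection (PTR
lookup) and compares the returned name against the rule's wildcard pattern.
Everything in PTR_TABLE is constructed sample data.
"""
import fnmatch
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed PTR table standing in for reverse DNS; None means "no PTR record".
PTR_TABLE: Dict[str, Optional[str]] = {
    "203.0.113.10": "www.symantec.com",         # PTR matches the site's domain
    "203.0.113.11": "edge-7.cdn.example.net",   # page content served from a CDN name
    "203.0.113.12": None,                       # direct-to-IP destination with no PTR
    "10.0.0.5": "proxy.corp.example",           # the HTTP/S proxy clients really connect to
}


def table_reverse_lookup(ip: str) -> Optional[str]:
    """Reverse lookup against the constructed table (offline stand-in)."""
    ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return PTR_TABLE.get(ip)


def live_reverse_lookup(ip: str) -> Optional[str]:
    """Real PTR lookup through the OS resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def matches_dns_domain(hostname: Optional[str], pattern: str) -> bool:
    """Case-insensitive glob match of a PTR name against a rule pattern.

    Assumption: plain glob semantics, so '*.symantec.com' matches
    'www.symantec.com' but not the bare 'symantec.com'.
    """
    if hostname is None:
        return False
    return fnmatch.fnmatchcase(hostname.lower().rstrip("."), pattern.lower())


def evaluate_connection(
    remote_ip: str,
    blocked_patterns: List[str],
    reverse_dns_enabled: bool = True,
    via_proxy_ip: Optional[str] = None,
    lookup: Callable[[str], Optional[str]] = table_reverse_lookup,
) -> Tuple[str, str]:
    """Return (action, reason) for one outbound connection under the rule model."""
    # Through a proxy the TCP peer is the proxy, not the Web site.
    peer_ip = via_proxy_ip or remote_ip
    if not reverse_dns_enabled:
        return "allow", "reverse DNS lookup disabled; DNS-domain rules cannot match"
    name = lookup(peer_ip)
    if name is None:
        return "allow", f"no PTR record for {peer_ip}; rule cannot match"
    for pattern in blocked_patterns:
        if matches_dns_domain(name, pattern):
            return "block", f"{peer_ip} reverse-resolves to {name}; matches {pattern}"
    return "allow", f"{peer_ip} reverse-resolves to {name}; no pattern matched"


if __name__ == "__main__":
    rules = ["*.symantec.com"]
    cases = [
        ("203.0.113.10", None, True),    # PTR matches: blocked
        ("203.0.113.11", None, True),    # CDN PTR: not blocked
        ("203.0.113.12", None, True),    # no PTR: not blocked
        ("203.0.113.10", "10.0.0.5", True),  # via proxy: not blocked
        ("203.0.113.10", None, False),   # reverse DNS disabled: not blocked
    ]
    for ip, proxy, rdns in cases:
        action, reason = evaluate_connection(ip, rules, rdns, proxy)
        print(f"{action:5} {reason}")
```

To audit a real rule, pass lookup=live_reverse_lookup and the A-record addresses of the site you intend to block; any address whose PTR does not match the pattern is traffic the rule will not stop.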

To create a DNS name based firewall rule:
  1. Open the Symantec Endpoint Protection Manager (SEPM) console
  2. Click Policies > Firewall
  3. Edit the existing Firewall Policy
  4. Click Rules
  5. Right-click rule number 2 and select Add a Blank Rule
  6. Right-click under Action and set it to Block
  7. Right-click under Host and select Edit
  8. Under "Specify host names or addresses of computers that trigger the rule", select Local/Remote
  9. Under Remote, click Add, and under Type select DNS domain
  10. Under DNS Domain, type the name of the Web site, e.g. *.symantec.com
  11. Click OK and close the Host List window
  12. Click OK and close the Firewall Policy window
  13. Assign the policy to the desired group