How to block a specific IP using Endpoint Protection Network Threat Protection

book

Article ID: 177730

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You want to block network traffic associated with a specific IP address using the Symantec Endpoint Protection (SEP) Network Threat Protection Firewall component. How can this be accomplished?
 

Resolution

Edit the firewall policy associated with the clients to add a corresponding rule as follows:

  • Open the Symantec Endpoint Protection Manager (SEPM), click the Policies tab, and edit the policy you wish to change
  • Add a blank rule
  • Modify the “Host” properties so that the “Source/Destination” IP is the address you wish to block (Local/Remote is less generic, and requires the local address of the client on which the rule should be applied)
  • Change the “Action” to Block
  • Save and deploy the policy as needed.

 

 


This will block all incoming and outgoing traffic associated with the specified IP address.