How to block range of IP addresses (Subnets) using Symantec Endpoint protection Firewall rule 

Dec 15, 2009 08:38 AM

Sometimes we want to block ranges of IP addresses using firewall rules.

For example, you might want to apply specific firewall policies only to the IPs from 10.0.0.1 to 10.0.0.220.

The existing default firewall policies do not allow you to add multiple IP addresses.

We get just one IP address to add.

To use a custom IP range in firewall rules, you need to create HOST GROUPS.

 

HOST GROUPS in simple terms

--------------------------------------------

 

A host group is a collection of DNS domain names, DNS host names, IP addresses, IP ranges, MAC addresses, or subnets that are grouped under one name, so that you don't need to add IPs individually.

 

ADDING HOST GROUPS (Step 1)

-------------------------------------------

In the console, click Policies.

 

Expand Policy Components, and then click Host Groups.

 

Under Tasks, click Add a Host Group.

 

In the Host Group dialog box, type a name, and then click Add.

 

In the Host dialog box, in the Type drop-down list, select one of the following hosts:

 

IP range

 

Enter the information for each host type.

Click OK.

Click OK.

 

Using Host Groups in Firewall Policy

--------------------------------------------------

Once you have created the host groups:

Open the console and click Policies.

Select the Firewall policy.

Select Rules.

Create a blank rule.

I named it Block IP Range.

Double-click Host (by default it is Any).

You will now see the host group that you added in Step 1.

Define the host relationship.

Select whether you want to make it local/remote or source/destination.

 (Source/Destination depends on the direction of traffic. In one case the local client computer might be the source, whereas in another case the remote computer might be the source.)

 (Local and remote: the local host is always the local client computer, and the remote host is always a remote computer.)

Check the host group.

Click OK.

Select the action as Block.

Click OK.

Click OK.

Apply the policy.

That's it; we should be good with our rule for that particular IP range.
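
A pre-flight check for the host group from Step 1, as an added example (not part of the original article and not Symantec tooling): it collapses candidate entries into the subnets they cover and flags any address you still need to reach before the Block rule is applied. The entry list, the must-stay-reachable addresses and the `first-last` text format are constructed for this script and are not a SEPM import format; it assumes IPv4 entries only.

```python
import ipaddress

# Constructed sample input: the article's example range plus an overlapping subnet.
SAMPLE_ENTRIES = ["10.0.0.1 - 10.0.0.220", "10.0.0.128/26"]
# Constructed sample: addresses that must stay reachable (hypothetical gateway, servers).
SAMPLE_KEEP = ["10.0.0.1", "10.0.0.221", "10.0.0.250"]


def parse_entry(entry):
    """Parse a single IP, a CIDR subnet, or a 'first-last' range into networks."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range start is above range end: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    # Strict parsing rejects typos such as 10.0.0.5/24 (host bits set).
    return [ipaddress.ip_network(entry)]


def plan_block_list(entries):
    """Collapse all entries into the smallest equivalent list of subnets."""
    networks = []
    for entry in entries:
        networks.extend(parse_entry(entry))
    return list(ipaddress.collapse_addresses(networks))


def blocked_by(address, networks):
    """Return the subnets in the block list that contain this address."""
    ip = ipaddress.ip_address(address)
    return [net for net in networks if ip in net]


def preflight(entries, must_stay_reachable):
    """Return (collapsed block list, {address: blocking subnet}) for review."""
    networks = plan_block_list(entries)
    conflicts = {}
    for address in must_stay_reachable:
        hits = blocked_by(address, networks)
        if hits:
            conflicts[address] = str(hits[0])
    return networks, conflicts


if __name__ == "__main__":
    nets, conflicts = preflight(SAMPLE_ENTRIES, SAMPLE_KEEP)
    print("addresses covered:", sum(n.num_addresses for n in nets))
    for address, net in conflicts.items():
        print(f"WARNING: {address} would be blocked by {net}")
```

Because the range does not start or end on a subnet boundary, it expands to twelve subnets; entering it as a single IP range entry keeps the host group shorter than listing subnets.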

 

Hope this was helpful.

 

 

 

Comments

May 16, 2013 02:36 AM

 

Guys, I have a question.

I have monitored the Network Threat Protection logs and viewed the full report. In that report I saw that some IPs are attacking my web server. My web server is connected to my LAN, and there is another NIC card installed on it, and from there it is connected to the WAN (with a live IP).

The question is: what are the corrective and preventive actions that I can perform so that these attacks are stopped?

Also, how can I block IPs in SEPM?

Jan 14, 2013 03:07 PM

Nice article! Has anyone tried this?

I imagine that if the list becomes too large it would greatly impact client performance. Wondering how low the list of hosts/IPs/subnets people have set up before they noticed a degradation in client performance.

May 07, 2010 09:42 AM

Thanks for your article.

Mar 23, 2010 06:27 AM


Hi,
I want to block the source from where the virus threats are coming.
Is there a way that I can do that in our SEPM?
Most of the time our SEPM clients are getting threats such as w32.downadup, Infostealer, trojan horse, W32.Spybot.Worm, M.p.jpg, winxp.jpb and others.
Thanks,
Meraj

Feb 03, 2010 04:19 AM

Really good one, but which type of traffic will it block?

And I am confused by the source and destination or local and remote options. Can anyone explain it?

Jan 14, 2010 06:55 AM

Very Very Helpful.

Dec 22, 2009 04:54 AM

Good one. Simple steps in simple language.

Dec 16, 2009 03:47 AM

Good work, mate!!

Dec 16, 2009 02:26 AM

It is easy to use and very helpful.
Thank you.
