Endpoint Protection

 View Only

  • 1.  How to block Proxy address using SEPM 12 RU2

    Posted Feb 13, 2013 11:19 AM

    Hello,

     

    I have been given two proxies to see whether it can be blocked through SEPM 12 RU2. How to block this? I understand we can block websites using Firewall rule, but what about proxies:

     

    Pro.matt1.net:9999

     

    96.239.90.60:8164



  • 2.  RE: How to block Proxy address using SEPM 12 RU2

    Posted Feb 13, 2013 11:21 AM

    Do you want to block the ports? 9999 and 8164 only or do you want to block by the IP and hostname?

    You can create a firewall rule to block those remote ports or even by the hostname and specific IP address you listed



  • 3.  RE: How to block Proxy address using SEPM 12 RU2

    Posted Feb 13, 2013 11:27 AM

    Well, I'd like to block both the IP and hostname.

     



  • 4.  RE: How to block Proxy address using SEPM 12 RU2
    Best Answer

    Posted Feb 13, 2013 11:34 AM

    This should work for hostname and IP:

    Blocking a Website using Symantec Endpoint Protection

    Article:TECH92405  |  Created: 2009-01-16  |  Updated: 2012-08-22  |  Article URL http://www.symantec.com/docs/TECH92405

     Once you create the rule for the hostname, do the same steps for IP just select "IP address" instead of DNS domain

    Go into your FW policy

    Select Add Rule and give it a name

    Select Block connection

    Apply to all applications

    Select "only the computers and sites listed below"

    Click Add

    Select DNS Domain (than select IP address to block by IP after click OK and ADD again

    Leave radio button to block al types of communication

    Select if you want to log or not

    Click Finish and move to top

     



  • 5.  RE: How to block Proxy address using SEPM 12 RU2

    Posted Feb 13, 2013 11:53 AM

    Check this also

     

    The above configuration can be done by creating only 2 firewall rules. Please follow the below steps to configure the rules.

    1. Go to Firewall policy > Rules.

    2. Click on Add Rule button. Select Host > Next > From Address Type drop down menu select DNS domain.

    3. Select DNS Domain as *.* then Click Next > Click Finish.

    4. Once the rule is created, highlight the New Rule. Go to Service column, right click and edit, then select Add. The rule will be TCP, Source/destination with remote port 80,443 click ok and ok again. Then go to Action column and make it set to "Block".

    The above rule is to block all the websites. To create a rule to allow only selected websites, please follow the steps below.

    1. Go to firewall policy> Rules.

    2. Click on Add Rule. Select Host > Next > From Address Type drop down menu select DNS domain.

    3. Enter DNS Domain as *.*symantec*.* This is an example which means all the urls related to symantec will be allowed.

    4. Click Next > Click Finish. Multiple websites can be added to the same rule.

    5. Once the rule is created, highlight the new rule. Go to Action column and make it to Allow.

    Note: Place the "Allow" rule on top of "Block" rule.

    Assign the policy to the required group. This will allow only the selected website and block all other website.