Website blocking using SEP Firewall doesn't work when a Proxy is used.
Last Updated July 26, 2016
Without proxy settings in the browser, SEP can block websites according to the firewall rule, but if traffic is routed through a proxy server, sites are allowed or blocked according to the proxy settings.
This is because the SEP firewall is a host-based firewall and SEP is not proxy-aware.
The firewall looks at the DNS query for the website that we're trying to block and then blocks the website per the rule. However, since the proxy server is configured, the DNS lookup does not happen and the website is allowed by the firewall.
To confirm, perform a DNS lookup on the client machine with the proxy enabled and again with it disabled to check which IP is resolved for the target website. If the resolved IPs are identical in both scenarios, then the SEP client will fail to match the rule because, when the proxy is enabled, the source address of incoming IP packets will be replaced with the proxy's IP address.
If both a proxy and the SEP firewall are in place, traffic will be routed according to the proxy firewall settings.
If a proxy server is not in place, use the SEP firewall to block websites.
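The confirmation step above can be scripted on a Windows client. The following PowerShell is an added example, not part of the original article or of SEP: it resolves the target site, reads the per-user proxy settings, and counts established TCP connections to the site's addresses versus the proxy's addresses. The site name `blocked.example.com` and the helper `Resolve-Addresses` are placeholders introduced for illustration.

```powershell
# Added diagnostic example. $Site is a constructed placeholder; replace it with
# the site named in the firewall rule.
param([string]$Site = 'blocked.example.com')

function Resolve-Addresses([string]$Name) {
    # Hypothetical helper: accepts host names and IP literals,
    # returns an empty list if resolution fails.
    try { @([System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString }) }
    catch { @() }
}

# 1. Addresses the client resolves for the site.
$siteIPs = @(Resolve-Addresses $Site)

# 2. Per-user (WinINET) proxy settings, used by browsers that follow the system proxy.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxyIPs = @()
if ($inet.ProxyEnable -eq 1 -and $inet.ProxyServer) {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    $proxyHosts = $inet.ProxyServer -split ';' |
        ForEach-Object { (($_ -replace '^[a-z]+=', '') -replace '^[a-z]+://', '') -replace ':\d+$', '' } |
        Sort-Object -Unique
    $proxyIPs = @($proxyHosts | ForEach-Object { Resolve-Addresses $_ })
}
if ($inet.AutoConfigURL) {
    Write-Warning "PAC script configured ($($inet.AutoConfigURL)); the proxy is chosen per URL."
}

# 3. Established TCP connections. With the proxy enabled, browser traffic is
#    expected to terminate at the proxy's address, not at the site's address.
$conns   = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue
$toSite  = @($conns | Where-Object { $siteIPs  -contains $_.RemoteAddress })
$toProxy = @($conns | Where-Object { $proxyIPs -contains $_.RemoteAddress })

[pscustomobject]@{
    Site               = $Site
    SiteIPs            = $siteIPs -join ', '
    ProxyEnabled       = ($inet.ProxyEnable -eq 1)
    ProxyIPs           = $proxyIPs -join ', '
    ConnectionsToSite  = $toSite.Count
    ConnectionsToProxy = $toProxy.Count
}
```

Run it once with the proxy enabled and once with it disabled while the browser is loading the site, then compare the two result objects.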