Description

Creating a DNS policy to block or allow a web site for specific devices

In this case, we will create a policy called ‘mpwebdns’ to block Facebook.


Requirements

An admin login to Webroot Management Console


The Process

Click Create

To apply this policy to endpoints, click Manage Entities, and choose the site that you want the policy applied to

Log in to Webroot management Console
Under manage, go into policies
Click Default DNS policy
Click Copy
Enter a name (mpwebdns) and a description.
Policy will appear in the list
Click on the policy to show the settings. From here you can create general overrides for various pre-defined categories.
As an example, if you wanted to allow Alcohol and Tobacco sites, you would click to expand ‘Human Resource Protections’, then unclick ‘Alcohol and Tobacco’. This will allow any of these types of sites.
If you wanted to block ‘Job Search’ sites, you would click to expand ‘General Information’ and click to select ‘Job Search’. This will deny access to pre-defined job search sites.
Click Save at the bottom of the screen to save these settings.
To allow or block specific web sites, in the left menu click Manage, then Overrides, then Web Overrides
Click Add
Enter the web site in the domains field. Note that you can add multiple domains separated by commas, and wild cards are also accepted. We will add facebook.com
Global overrides can be used to apply the policy to multiple sites, but you would usually apply the policy to a site. When clicking site, you can then choose the site to apply this to. In this case we would apply it to a site.
Click ‘Associated Policy’ – this will apply the override to a specific policy that we can apply to specific endpoints. Choose the relevant policy (mpwebdns).
Choose to either allow or block the site. In this case we will block the site.

Click Create
To apply this policy to endpoints, click Manage Entities, and choose the site that you want the policy applied to


Select the computer that you wish to apply the policy to
Click Change Policy, and select which policy to apply. We will be updating the DNS policy only in this case to mpwebdns.


Click Change Policy

In this case, we cannot change the DNS policy for anything apart from the first computer as it is the only one with DNS Protection enabled.


If you wish to apply this policy to an entire group:

In Manage, Entities, Select the site, and then the group within the site.

Above the site list, click the Edit button.

Select the policies as required.

Click Edit Group.


The policy is now saved and should propagate to the endpoints on the next update.