Most websites have dependencies on other pages or services. By blocking all websites, some dependencies can't be loaded and even websites that haven't been blocked won't load or will load very slowly.
[Resolution]
Below Knox 2.7
You will need to find all the hosts used by the desired website and add them to the allow rules in the firewall policy.
Detailed steps
If your target devices are running a Knox version released before 2.7, the implementation is based on hostnames, not domains. The following should be considered:
- Hostnames must be valid. Ensure that all hostnames point to a valid IP address by using the "ping" command. For example, use "www.samsungknox.com", because it refers to a valid IP address. Don't use "https://www.samsungknox.com/en".
- A website usually needs to access several different hostnames to load all of its content. All of them must be included in a comprehensive firewall setting policy.
- It's NOT recommended to use the corresponding IP addresses instead of hostnames as they can change over time.
- Using corresponding IP addresses negatively impacts the user experience. Pages will take longer to load due to the various checks the firewall will have to perform in real time.
For example, if you want to block all websites except https://www.samsungknox.com/, you need to do the following:
- Access https://www.samsungknox.com/ from a computer browser (e.g. Firefox).
- Press the F12 key to toggle the web developer tools and then navigate to the Network tab.
- See all requests being made from https://www.samsungknox.com/ website:
- Based on the Domain list, create the corresponding Firewall Settings on IAM & EMM console:
NOTE: Although the hostnames above refer to elements of the same page and are part of the same domain, they are different hosts, i.e. they point to different IP addresses. Each of these hosts must be individually whitelisted.
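The hostname collection described in the steps above can be scripted. The following is an added example, not part of the original article or of any Samsung tooling: it assumes the Network tab's request list has been exported as a HAR file, and the `example.com` hosts and the sample HAR are constructed for illustration.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# A rule entry must be a bare hostname: dot-separated labels, no scheme or path.
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(r"^" + LABEL + r"(?:\." + LABEL + r")+$")

def is_valid_rule_host(value):
    """True for www.samsungknox.com; False for URLs and IP addresses."""
    try:
        ipaddress.ip_address(value)
        return False  # IP addresses are not recommended in allow rules
    except ValueError:
        pass
    return len(value) <= 253 and HOSTNAME_RE.match(value) is not None

def hosts_from_har(har_text):
    """Return the sorted, unique hostnames requested while the page loaded."""
    hosts = set()
    for entry in json.loads(har_text)["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname  # None for data: URLs
        if host and is_valid_rule_host(host):
            hosts.add(host)
    return sorted(hosts)

# Constructed sample standing in for a HAR export of the page load.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.samsungknox.com/"}},
    {"request": {"url": "https://www.samsungknox.com/en"}},
    {"request": {"url": "https://static.example.com/app.js"}},
    {"request": {"url": "https://img.example.com/logo.png"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
    {"request": {"url": "https://192.0.2.10/pixel.gif"}},
]}})

if __name__ == "__main__":
    # Each printed host needs its own allow rule on devices below Knox 2.7.
    for name in hosts_from_har(SAMPLE_HAR):
        print(name)
```

Requests made to a bare IP address are left out of the list, so review those separately before deciding whether the page needs them.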
Knox 2.7 or above
Use the solution above or use new domain-based firewall rules. These rules only require you to whitelist the top-level domain.
[Environment]
SDS IAM & EMM
Samsung devices
[Summary]