Ringfencing Internet Access

3 min. readlast update: 03.31.2025

Ringfencing™ enables you to block an application from accessing the internet altogether. Or you can specify only certain websites that you know this application needs to access.   

To set up internet Ringfencing restrictions on your own policy, select the checkbox next to 'Restrict these applications from accessing the internet?'. Then, you will type in the exclusions you want to allow access to, using wildcards and subnets as necessary. Be sure to click 'Add' after each entry. 

undefined

 

Exclusions

Exclusions are tied to the individual policy and allow you to specify IPv4 addresses, IPv6 addresses, or domain names the application can access. Changes made to exclusions do not require you to restart the application or deploy policies. 

Please Note: Any changes made to Internet Exclusions will automatically save and be applied to the policy.   

For more information on using automatic Learning mode to learn Ringfencing Exclusions, see our associated article How to use Ringfencing Internet Exclusions.   

Domain Name

To add a domain name to the 'Exclusions' list, choose 'text' from the 'Type' dropdown menu and then type in the text you wish to include in the tag. You can use wildcards in the text string. Then click the 'Add' button to add your chosen domain to the list below.  

When you are using wildcards in the domain name, be careful not to place a wildcard at the end of a domain name. An attacker could easily set up a domain with a name that begins the same as a trusted, legitimate address. (e.g. www.google.malicious_site.com) 

undefined

 

IPv4

To add an IPv4 address, choose 'IPv4' from the 'Type' dropdown menu and then type the address you want to include in the tag. Then click the 'Add' button to add your Value to the list below. 

undefined

 

IPv4 Subnet

To add an entire subnet of addresses, choose 'IPv4' from the 'Type' dropdown menu and then type the address of the subnet you want to include in the tag using CIDR notation. Then click the 'Add' button to add your subnet to the list below. 

 

undefined

IPv6

To add an IPv6 address, choose 'IPv6' from the 'Type' dropdown menu and then type the address you want to include in the tag, being sure to click the 'Add' button when you are finished. 

undefined

Changes to Exclusions happen in real time. You do not need to click 'Save'; you can exit out of the window.  

If you ever need to delete an item, select the delete button next to the Exclusion you want to remove. 

undefined

 

Tags

Tags are collections of items that can be applied to Network Control policies and Application Control policies with Network Ringfencing. They can contain strings, with or without wildcards, IPv4 addresses or IPv6 addresses. Tags allow for efficient, centralized management of allowed network domains and IP addresses, as they are shared across all of your child organizations. The same tag can be easily applied to multiple policies across your various clients. 

undefined

When you are applying Ringfencing™ to an Application that has previously not had Ringfencing™ applied, it is very important to place that specific Policy into a Monitor Only Status for about a week.  

Failure to place a new Ringfencing Policy into a Monitor Only Status for a week may possibly impact your day-to-day business operations. 

Ringfencing - File access

Ringfencing - Application Interaction

Ringfencing - Registry Activity

Ringfencing A New Application

Was this article helpful?