got this from the Symantec Knowledge base- It's a pain to implement. You can also do it in reverse and set up an Network Entity for the IP of site you want to block and then set up a rule to deny all services.
How to block some computers from accessing the Internet
Situation:
You want to block internal computers or workstations from accessing the Internet (for example, network monitoring consoles). You want to configure the firewall to prevent users at these computers or other computers inside the firewall from accessing the Internet.
Solution:
To prevent a computer from accessing the Internet, create a Host for the computer, add it to a Group that blocks Internet access, and then create a Rule for that group.
To block internet access:
1. Open the Raptor Management Console.
2. Create a new Host for each computer that you want to block:
a. Right-click Network Entities, click New, and then click Host under Base Components.
b. Enter the following information:
Name: workstation#1. Type this as a Host.
Address: IP address for workstation#1
c. Repeat steps a and b for each computer that you want to block. Use a different Name for each computer.
3. Add a new Group:
a. Right-click Network Entities, click New, and then click Group.
b. Enter the following information:
Name: HTTP-block-group. Type this as a Group.
In Members, add each computer to Included Members.
4. Add a new rule:
a. Right-click Rules, click New, and then click Rule under Access Control.
b. Enter the following information:
For connections coming via: Inside NIC
From source: HTTP-block-group
Destined for: Universe*
Coming out via: Outside NIC
Services: Included services: http*
5. Save and reconfigure the firewall by clicking the floppy disk icon in the icon bar.