How to block messenger in checkpoint firewall

Can someone advise how do i block messenger (msn and yahoo and skype) in checkpoint firewall? we are using checkpoint ng f3. What are the source and destination and services that need to add ?

beside block from checkpoint firewall, can i do it on w2k server group policy ? can someone advise how to do it ?

what is the diff ?

thanks.

Reply to
sg_s123
Loading thread data ...

??? On my Checkpoint 500W UTM Appliance, I can go into its Smart Defense Configuration Module and, under Instant Messaging, block those services. Does your product have this module?

Reply to
optikl

We are using checkpoint NG feature pack 3 (fp3), I cant find this module.

Reply to
sg_s123

Hi,

You do have Smartdefence in FP3 but in it's very first form , with no P2P or Messaging blocking.

the only way is to block the messenger ports but it won't help you alot because messenger works on port 80/HTTP and you can't block that .

In the new release (R61) you have the means to block messenger and other messaging apps via HTTP , so you'll have to upgrade.

if you want to block it via w2k groups then use proxy or check point Smartdirectory

Reply to
nirsh

hi,

how do i do it in w2k group policy ? we dun have a proxy server. are there any steps that i can refer to ?

so d u mean checkpoint fp3 does not have the capability to block messenger ?

regards.

nirsh wrote:

Reply to
sg_s123

I don't know excatly how , but to do it you need to install some kind of proxy (Microsoft ISA maybe) and all your network will have to work with it. in the ISA there ways to filter all sorts of HTTP traffic including messenger. in this way all your network http traffic will go through that proxy and he will make your filtering. ofcourse you can connect it to your AD and by that you can choose which users can connect to messenger and which can't . ofcourse there alot more features in that product.

Reply to
nirsh

came to realise that w2k service group policy does not hv the capability to block messenger. need to upgrade to win 2003 server. However even if so, it will still unable to block others chatting services aprt from msn messenger. it will still not resolve my problem.

i m notsure if checkpoint ng fp3 have such capability to block. I have tried adding rules rules from nodes (with ip addr) to block tcp->msn_messenger but it kindda of difficult as we all uses dynamic ips..

anyone with checkpoint NG GP3 can provide guidance ?

it is driving me nuts now.

nirsh wrote:

Reply to
sg_s123

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.