How to close established connections in Wingate 8?
Aug 15 13 3:25 am
Hi, having implemented Access Rules using the Web Access Control in Wingate 8 I've managed blocking the access to certain web sites (such as Facebook, Twitter) during work hours. However, I have a problem with gmail's chat (Hangouts) when a user left his session open during the happy hours (12:30 to 14:30, or at night), they can still use the chat in the work hours.
So, what I need is to find out a way to finish or close the established connection as soon as the happy hours are finished.
Which is the best method for closing these connections, I don't know if it is possible to accomplish this from Web Access Control or using some kind of policy.
Regards,
So, what I need is to find out a way to finish or close the established connection as soon as the happy hours are finished.
Which is the best method for closing these connections, I don't know if it is possible to accomplish this from Web Access Control or using some kind of policy.
Regards,
Re: How to close established connections in Wingate 8?
Aug 15 13 11:08 am
Hi NLionel. Whilst Web Access Rules don't have direct support for what you are after you can easily implement something like it within policy.
Create a policy for the event you want to catch (ConnectRequest, Connect, ProxyRequest etc). Then check to see if the URL is one you want to block outside of happy hours and if so, set the expiry time on the session to be when happy hours finishes. Then attach a schedule check to ensure that if you are already outside happy hours then the connection is rejected. I have tested this myself and it seems to work.
I will add that you can happily leave your Web Access rules doing most of the work and just use policy to implement the URL check and Session Expiry part.
The only issue is ensuring the URLs are correct. In my tests, all chat connections went through clients6.google.com. You might want to make a data list and use a wildcard data list lookup on all the clients*.google.com chat URLs you find.
Hope this helps
Create a policy for the event you want to catch (ConnectRequest, Connect, ProxyRequest etc). Then check to see if the URL is one you want to block outside of happy hours and if so, set the expiry time on the session to be when happy hours finishes. Then attach a schedule check to ensure that if you are already outside happy hours then the connection is rejected. I have tested this myself and it seems to work.
I will add that you can happily leave your Web Access rules doing most of the work and just use policy to implement the URL check and Session Expiry part.
The only issue is ensuring the URLs are correct. In my tests, all chat connections went through clients6.google.com. You might want to make a data list and use a wildcard data list lookup on all the clients*.google.com chat URLs you find.
Hope this helps
- blockconnections.png (30.76 KiB) Viewed 3138 times
Re: How to close established connections in Wingate 8?
Aug 22 13 3:52 am
Hi Aaron, I've implemented the policy and it is working good.
Thanks for the help,
Thanks for the help,