How to block Skype, fix mac address and bypass proxy.

[niCky]

Hello,

i have use trial version : WinGate enterprise unlimited 8.1.0.4655
We'll use for 100 client. and i have find the way to fixed.

. . . all topic i talking about Web access Control :

1. How to fix mac address with IP ?
like in squid have command " arp -s 10.9.0.1 0:d1:fe:13:t2:32 "

2. How to block Skype ? (i have searched on google already. but i can't find)
like command in squid :
" acl numeric_IPs url_regex -i ^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)
acl Skype_UA browser -i ^skype
http_access allow numeric_IPs AIM_access
http_access allow Skype_UA AIM_access
http_access deny numeric_IPS !AIM_access
http_access deny Skype_UA !AIM_access "

3. How to set the option not use proxy for internal domain (local domain) ?
like in squid :
" acl it_server dst 10.9.0.0/22
always_direct allow it_server
http_access allow it_server "


Sorry, my english is not good.
Many thanks for your advice,
Nick. :)

[adrien]

Hi

sorry for the delay in responding.

1. Locking MAC and IP address. There's currently no way to do this in Web Access Control, although it may be possible in flow-chart policy. Are you concerned about people changing their IP address? We find those sort of things may be better dealt with internally (e.g. HR warnings for inappropriate behaviour), but depends on your organisation and who your users are.

You could use a map lookup in flow-chart policy to set some event data. For instance have a map of IP to expected MAC address (Result), and set Event Data for expected MAC to the result.

e.g in Map result, use something like

Code:

Event.SetData("Expected-MAC", Result)

Then you could test the client actual MAC vs expected MAC from the map, and act accordingly. E.g. with an expression evaluator test

Code:

Event.GetData("Expected-MAC") == Session.MACAddress

And do whatever you want depending on whether they match or not.

2. Blocking skype. If these rules are checking the User-Agent string in the request, you can block based on this in flow-chart policy as well. You can test if the request header contains "skype" as so:

Code:

Request.Headers.Get("User-Agent").Contains("Skype")

3. Not use proxy for internal domain. Is this for the clients, or WinGate using an upstream proxy? If for clients, all you could do is use WPAD and have the wpad.template file specify not to use proxy for internal sites. If for WinGate connecting upstream, you can control on a request-by-request basis whether to use a proxy or not, and there's also a setting to not use upstream proxy for internal (locally accessible, which is determined from the route table) sites.

Regards

Adrien

[niCky]

1. Locking MAC and IP address. There's currently no way to do this in Web Access Control, although it may be possible in flow-chart policy. Are you concerned about people changing their IP address? We find those sort of things may be better dealt with internally (e.g. HR warnings for inappropriate behaviour), but depends on your organisation and who your users are.

You could use a map lookup in flow-chart policy to set some event data. For instance have a map of IP to expected MAC address (Result), and set Event Data for expected MAC to the result.

e.g in Map result, use something like

Code:

Event.SetData("Expected-MAC", Result)

Then you could test the client actual MAC vs expected MAC from the map, and act accordingly. E.g. with an expression evaluator test

Code:

Event.GetData("Expected-MAC") == Session.MACAddress

And do whatever you want depending on whether they match or not.

2. Blocking skype. If these rules are checking the User-Agent string in the request, you can block based on this in flow-chart policy as well. You can test if the request header contains "skype" as so:

Code:

Request.Headers.Get("User-Agent").Contains("Skype")

Hi Adrien,

Thank you for your reply.

Could you explain me more about How to blocking Skype and Locking MAC and IP address, please.

I have saw i your Youtube channel already. but i don't understand how to fix it.

Many thanks,
Nick