hi.
OS client and host windows xp home sp2, Wingate 6.0.4-1025.
Connection wgic on client.
When I run a particular game "on the client" in server mode I require 3 udp ports to be open for incoming connections. If it’s aloud global access in the central application list "default mode Application Terminated" in the winsock redirector do I still have to "allow incoming connections from the internet" on those udp ports through WG's firewall "default = deny"?
If in WRP user config, both "Check central application list and Check client application list are selected at the same time, which has piority, host/server or the lowest mode of the two? EG Iexplorer on host "WGIC"=mixed, Iexplorer on server "WRP"=global.
Firewall and wgic
Moderator: Qbik Staff
5 posts
• Page 1 of 1
by adrien » Oct 18 05 4:02 pm
Hi dave
Not sure I understand your post correctly.
If you have set the default mode in central config to "application terminated", then any application not enabled in the list will be not allowed to execute on the client machine.
However central config is user-based, so you specify which user or group the configuration policy applies to. Applications listed in there override the general (default) settings.
If "Check the client's application list" is enabled, then the client's settings are also used. Otherwise just the server settings are used if you have "Check the central application list". This way you can stop your users from messing with their settings to try and bypass central policy.
Adrien
Not sure I understand your post correctly.
If you have set the default mode in central config to "application terminated", then any application not enabled in the list will be not allowed to execute on the client machine.
However central config is user-based, so you specify which user or group the configuration policy applies to. Applications listed in there override the general (default) settings.
If "Check the client's application list" is enabled, then the client's settings are also used. Otherwise just the server settings are used if you have "Check the central application list". This way you can stop your users from messing with their settings to try and bypass central policy.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by DaveStones » Oct 18 05 9:31 pm
Thank you Adrien for your reply. I had two questions in the post, the first was about requiring to allow ports through WG’s firewall while using WGIC on a client pc.
The second you got pretty right except I want to know what happens if both "Check the client's application list" and "Check the central application list" are enabled at the same time and which takes priority. Both of these boxes are checked by default when I open “edit WRP User Config” box. Thank You..
The second you got pretty right except I want to know what happens if both "Check the client's application list" and "Check the central application list" are enabled at the same time and which takes priority. Both of these boxes are checked by default when I open “edit WRP User Config” box. Thank You..
- DaveStones
- Posts: 13
- Joined: Sep 16 05 5:38 pm
by genie » Oct 19 05 12:21 am
In regard to the check order:
WGIC first checks the centralazied list. If there is no match in the centralized list and "Check user app" button is ticked, then the user list is checked, otherwise the default action is taken.
WGIC first checks the centralazied list. If there is no match in the centralized list and "Check user app" button is ticked, then the user list is checked, otherwise the default action is taken.
- genie
- Qbik Staff
- Posts: 1788
- Joined: Sep 30 03 10:29 am
by adrien » Oct 20 05 11:25 pm
in regard your first question, is this for things like FTP clients, or LAN-based servers.
There is an issue with 6.0.4 in that it doesn't open firewall holes for listening sockets through WGIC. In the past there was a blanket allow created in the port ranges config for ports 1024 - 4096 UDP and TCP to allow secondary inbound connections back in (like for FTP etc). These ranges were removed in 6.0.4.
You may need to manually add a range to the security table to allow incoming connections for WGIC
Adrien
There is an issue with 6.0.4 in that it doesn't open firewall holes for listening sockets through WGIC. In the past there was a blanket allow created in the port ranges config for ports 1024 - 4096 UDP and TCP to allow secondary inbound connections back in (like for FTP etc). These ranges were removed in 6.0.4.
You may need to manually add a range to the security table to allow incoming connections for WGIC
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 9 guests