Wingate 5.2.3
Windows 2000 Server
How do I get the "Ban List" to work in ENS Policies ?? Banning
some sites by servername does not work as it seems to have
been intended?
The "Advanced" tab where I have only allowed by request type
seems to work fine (serverport = 80, 25, 110, 443). Yahoo messenger
(latest version) uses port 25 also, so I am attempting to block traffic
by servername in the Ban List, but with no joy.
I have read all the posts in this forum, saw some folks having
problems with the same.
Can Qbik confirm if this is a known bug?
Thanks in advance,
Jack Snyder
Bug in ENS Policies: BAN LIST ?
Moderator: Qbik Staff
6 posts
• Page 1 of 1
Bug in ENS Policies: BAN LIST ?
by jacksnyderc » May 24 04 3:26 am
- jacksnyderc
- Posts: 9
- Joined: May 24 04 3:17 am
by MattP » May 24 04 4:54 pm
Hi Jack,
We haven't seen any bugs with policies. Can you detail how you setup the bans? Did you make sure you changed default policies to are ignored?
With the beta version which is currently available you can control the applications that the WinGate Internet Clients are permitted to use, so if you want to ban an application you could consider this as an option.
Regards,
Matt
We haven't seen any bugs with policies. Can you detail how you setup the bans? Did you make sure you changed default policies to are ignored?
With the beta version which is currently available you can control the applications that the WinGate Internet Clients are permitted to use, so if you want to ban an application you could consider this as an option.
Regards,
Matt
- MattP
- Qbik Staff
- Posts: 991
- Joined: Sep 08 03 4:30 pm
by jacksnyderc » May 24 04 6:53 pm
Using ENS with trasparent redirection:
and Default Rights(system policies) : are ignored
-------------------------------------------------------
Created the policies for ENS as follows:
Added in Ban List tab:
This criterion is met if : servername contains "gator"
Under Advanced tab:
Specify which rights recipient has rights for is checked,
and have created different filters, each filter having a
single criteria for type of request (eg. http, https, ftp, etc)
-------------------------------------------------------
Whereas policies based on request types are working properly,
the ban list policies are not, am confused..
regards,
Jack
and Default Rights(system policies) : are ignored
-------------------------------------------------------
Created the policies for ENS as follows:
Added in Ban List tab:
This criterion is met if : servername contains "gator"
Under Advanced tab:
Specify which rights recipient has rights for is checked,
and have created different filters, each filter having a
single criteria for type of request (eg. http, https, ftp, etc)
-------------------------------------------------------
Whereas policies based on request types are working properly,
the ban list policies are not, am confused..
regards,
Jack
- jacksnyderc
- Posts: 9
- Joined: May 24 04 3:17 am
by Nev » May 24 04 11:25 pm
jacksnyderc wrote:Using ENS with trasparent redirection:
and Default Rights(system policies) : are ignored
-------------------------------------------------------
Created the policies for ENS as follows:
Added in Ban List tab:
This criterion is met if : servername contains "gator"
Under Advanced tab:
Specify which rights recipient has rights for is checked,
and have created different filters, each filter having a
single criteria for type of request (eg. http, https, ftp, etc)
-------------------------------------------------------
Whereas policies based on request types are working properly,
the ban list policies are not, am confused..
regards,
Jack
Hi Jack,
Have several jobs that wish to deny staff access to certain web resources, majorly 'messenger' type processes and web mail for example.
I don't use policies as you do, but the following is the most streamlined and always deny's access afaict.
Apply a system policy that users must be at least assumed.
Apply a system policy and ban list for example 'xyz' to be banned.
In all services apply 'Must also be granted' from the global system policy works really well, nothing with 'xyz' will be granted.
The beauty of the System policy is that it's easy to implement in a service with the front pull down box.
However this may not suit your needs with specific access rights for users.
Cheers,
Nev.
- Nev
- WinGate Guru
- Posts: 861
- Joined: Sep 22 03 11:35 pm
- Location: Mudgee ~ NSW ~ Australia
by adrien » May 25 04 1:35 am
Hi
When the ENS reports connections to the WinGate engine it only reports IP addresses (not server names).
So you would need to ban servers by their IP address rather than their name, since WinGate cannot guarantee that a reverse name lookup would work (or be available due to inconsistencies in DNS configuration on the internet).
In your case this would require you to look up the range of IP addresses used by gator.com and then block those.
Adrien
When the ENS reports connections to the WinGate engine it only reports IP addresses (not server names).
So you would need to ban servers by their IP address rather than their name, since WinGate cannot guarantee that a reverse name lookup would work (or be available due to inconsistencies in DNS configuration on the internet).
In your case this would require you to look up the range of IP addresses used by gator.com and then block those.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Replies were helpful. Thanks.
by jacksnyderc » May 25 04 6:24 pm
Adrien, that is true, I hope this gets fixed in the
next release, otherwise it will remain a source of
confusion for new users. Thanks.
Nev., I will take up your sugesstions.. as soon as
things get more complicated in my organization.
Thanks!
Jack
next release, otherwise it will remain a source of
confusion for new users. Thanks.
Nev., I will take up your sugesstions.. as soon as
things get more complicated in my organization.
Thanks!
Jack
- jacksnyderc
- Posts: 9
- Joined: May 24 04 3:17 am
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 3 guests