change from allow to deny

Moderator: Qbik Staff

Postby heri » Nov 03 04 11:22 am

Hello all,
I am trying to do the following:
for daytime (07:00-22:00) clients will surf the net, email and yahoo.
night: 22:00-07:00 they can do anything.

I am using ens&nat and this is what I do now:
Extended Networking->Port Security->Lan Connections to Internet
can be deny or allow. In the morning I switch to deny, and at night I switch to allow.
Is there something I can do to automate this?

Using 5.2.3, all clients connect as Guest.
Can I do a policy on this and how do I set it up?
A step by step approach would be very useful.
Thank you.
heri
 
Posts: 7
Joined: Apr 27 04 11:25 pm

Postby Pascal » Nov 03 04 12:27 pm

Yes. You need to create two policies for Everyone in ENS/NAT.

First policy, set the Time Inclusion for 07:00 -> 22:00 and set the ban list to include the sites you want to block.

Second policy, set the Time Inclusion to 00:00 -> 07:00. And another Time Inclusion for 22:00 to 23:59:59.

With ENS though, you will have problems with using URLs, because ENS only sees the IP address and it performs no protocol analysis. You'd either have to use the IP address of sites you want to allow access to in the ban list.

Alternatively, you will need to specify slightly more complex complex - as you'd either have to do that in the System Policies (Be VERY CAREFUL to not restrict access to the local machine with a gatekeeper login) or in the individual service policies with transparent redirection enabled for them.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby heri » Nov 04 04 2:34 am

Maybe I wasn't clear:
for day usage, only these ports are allowed: 80, 22, 23, 53, 110, 25, 445, 7000, 7070, 8000, and the policy in ens is deny for all the other ports.
I would like for the night that all port range (tcp) be allowed, so the policy is allow for any port.
I am not interested in filtering URLs, as I am using the www proxy and anyway, I know how to configure it.

Is there a way to do this? (automate it?)
I thought to use regedit and at commands (windows) to script some registry entries (but I don't know them yet). It should go like this:
at 23:00 change default policy to allow for ens
at 07:00 -||- to deny.
But as a device driver developer I think that the registry entries are read only on IRP_MJ_CONTROL and not when I change something in them. And I suppose that you already verify from which app you are receiving those IRP_MJ_CONTROL, don't you?

So, I need some help, guys!
Thank you for your time, a happy user
heri
 
Posts: 7
Joined: Apr 27 04 11:25 pm

Postby Pascal » Nov 04 04 10:01 am

Fair enough, your original post indicated:

for day time( 07:00-22:00) clients will surf the net, email and yahoo.


which is what led me down the track of wanting to block by URL. If it is simply a port range you want to block at a given time, that is considerably easier.

First, the easiest way to do this is by using Policies for ENS. That way, there's no scripting / registry writing involved (which I can't guarantee will work for you).

1. Set up a policy for "Everyone" that allows access for your normal operational hours (07:00 to 22:00). Then, under the Advanced tab, add a series of Filters and Criteria where the criteria is "Server Port Number is 80", etc. Filters are ORed with other Filters, while Criteria within a filter are ANDed with other Criteria in that same filter.

That policy will grant access to the specified ports for the specified time inclusion to all your users.

2. Set up a second policy for "Everyone" that allows access during the alternative hours (22:00 to 07:00 - you'll need to specify two time ranges). In this one, don't add any advanced criteria.

That policy will grant access to ALL ports for the specified time inclusion to all your users.

That should do what you described.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand
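
The two-policy setup described in the last reply, modelled as an added Python example; it is not WinGate code or configuration and was not posted by anyone in the thread. The dictionary layout, function names, inclusive range bounds, the default-deny fallback and the test port 6667 are assumptions; only the port list and the time windows come from the posts.

```python
from datetime import time

# Day-time port list quoted from the thread; every name below is a constructed model.
DAY_PORTS = [80, 22, 23, 53, 110, 25, 445, 7000, 7070, 8000]

POLICIES = [
    # Policy 1: 07:00-22:00, one filter per allowed server port.
    {"times": [(time(7, 0), time(22, 0))],
     "filters": [{"server_port": p} for p in DAY_PORTS]},
    # Policy 2: the night window split at midnight into two ranges, no criteria.
    {"times": [(time(22, 0), time(23, 59, 59)), (time(0, 0), time(7, 0))],
     "filters": []},
]

def in_ranges(now, ranges):
    """True if `now` lies inside any (start, end) range; bounds inclusive (assumed)."""
    return any(start <= now <= end for start, end in ranges)

def filters_match(conn, filters):
    """Filters are ORed, criteria inside one filter are ANDed; no filters matches all."""
    if not filters:
        return True
    return any(all(conn.get(key) == want for key, want in f.items()) for f in filters)

def allowed(conn, now, policies=POLICIES):
    """Default deny: the connection passes only if some policy grants it right now."""
    return any(in_ranges(now, p["times"]) and filters_match(conn, p["filters"])
               for p in policies)

def uncovered_seconds(policies=POLICIES):
    """Count seconds of the day during which no policy's time inclusion is active."""
    gaps = 0
    for s in range(24 * 3600):
        t = time(s // 3600, s % 3600 // 60, s % 60)
        if not any(in_ranges(t, p["times"]) for p in policies):
            gaps += 1
    return gaps

if __name__ == "__main__":
    for port, now in [(80, time(12, 0)), (6667, time(12, 0)), (6667, time(23, 30))]:
        print(port, now, "allow" if allowed({"server_port": port}, now) else "deny")
    print("seconds with no active policy:", uncovered_seconds())
```

In this model both policies are active at exactly 07:00:00 and 22:00:00 because the bounds are inclusive, so all ports pass at those two instants; `uncovered_seconds` is the check that the midnight split leaves no window where nothing is granted.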

