feature request: ENS Port Security

Postby wyldcyde » Oct 08 05 2:54 am

Hi there,

Been using WinGate for several years now, great program.

I have a network here with over 100 users. I have set up firewalling by changing many settings in port security.
What I'd like to be able to do, like most other firewall solutions, is to set up port security by IP/group/PC etc., so I can for example let all 'power users' have certain ports open and other users only use std ports.
It's especially annoying when I just want a port open for one PC/user but I have to open it for everyone.
That could be implemented by applying policies to port level or perhaps just adding an option to restrict/enable access to open ports by IP/range.
Without such an option I'm seriously considering putting a Linux box in between the WinGate box and router so I have more control over ports.

Thanks

Eli
wyldcyde
 
Posts: 29
Joined: Oct 29 03 6:54 am

Postby jamesc » Oct 08 05 2:58 pm

Scenario 2 in this post may help you. If that is not quite aligned with your needs, then please describe a desired result.

http://forums.qbik.com/viewtopic.php?p=18832#18832
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand

Postby wyldcyde » Oct 13 05 12:33 pm

Thanks, that scenario is similar to what I'm looking at but not quite.
Say I want 196.165.1.1 to use a range of TCP ports 5000-4000... not specific to destination, just want those ports open...
for example with Skype or peer2peer.
I can see how I can set on policy for 'general users' that criteria not met if server port equals 5000, and that should effectively drop any attempts to that port by PCs with 'general users' logged on.
But that doesn't cover a range of ports and that doesn't differentiate between TCP and UDP.
I also think it complicates things a lot having to configure custom port access in 3 or more places - policies, port mapping services & port security.

That advice does help me though if I have one port I want open/closed for a specific user/group, and port mapping helps if I require access to a specific external IP but want to restrict who accesses it.

It would be simpler IMO to either attach group/user policy config to port security options or just add an option to add an IP address/range to each port security setting.
I have MANY ports specifically opened and blocked in port security... it's just my hope that in future WinGate will offer port admin setup common to firewall software. Don't get me wrong, WinGate does offer a lot of control over connections, just not as much as a control freak like me desires... but I don't want to install another firewall on the same box to fill in the gaps in WinGate software.

Eli
wyldcyde
 
Posts: 29
Joined: Oct 29 03 6:54 am

Postby adrien » Oct 14 05 9:16 am

Hi

The policies in the ENS can do things like port > x and port < y and IP protocol number = 6.

So you can set up rules for port ranges and specify protocols.

TCP = 6
UDP = 17
ICMP = 1

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
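
The kind of rule described in the post above (IP protocol number plus a strict port > x and port < y test), combined with the per-source-IP restriction asked for earlier in the thread, as an added Python example that is not WinGate code and not from any poster. The rule layout, first-match order, default deny and the /24 range are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# IP protocol numbers as listed in the post above.
TCP, UDP, ICMP = 6, 17, 1

@dataclass(frozen=True)
class Rule:
    # Hypothetical rule layout; not WinGate's policy format.
    source: str     # source address or CIDR range
    protocol: int   # IP protocol number
    port_gt: int    # rule matches when port > port_gt ...
    port_lt: int    # ... and port < port_lt (both bounds exclusive)
    allow: bool

def rule_matches(rule, src_ip, protocol, port):
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule.source):
        return False
    if protocol != rule.protocol:
        return False
    # ICMP has no port field, so a port comparison can never match it.
    if port is None:
        return False
    return rule.port_gt < port < rule.port_lt

def evaluate(rules, src_ip, protocol, port=None):
    """First matching rule decides; unmatched traffic is denied (assumed default)."""
    for rule in rules:
        if rule_matches(rule, src_ip, protocol, port):
            return rule.allow
    return False

# Constructed sample policy. 196.165.1.1 is the address used in the thread;
# the /24 range for "everyone else" is an assumption.
RULES = [
    # One PC: TCP ports strictly between 4000 and 5000, i.e. 4001-4999.
    # To include 4000 and 5000, the bounds would be 3999 and 5001.
    Rule("196.165.1.1/32", TCP, 4000, 5000, True),
    # Everyone on the range: TCP 80 only (port > 79 and port < 81).
    Rule("196.165.1.0/24", TCP, 79, 81, True),
]

if __name__ == "__main__":
    for args in [("196.165.1.1", TCP, 4500), ("196.165.1.1", TCP, 5000),
                 ("196.165.1.1", UDP, 4500), ("196.165.1.77", TCP, 4500)]:
        print(args, "->", "allow" if evaluate(RULES, *args) else "deny")
```

The strict comparisons mean the boundary ports themselves are not covered, and a TCP rule does nothing for the same port over UDP, so each protocol needs its own rule.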

Postby wyldcyde » Oct 14 05 10:50 am

Thanks, not exactly what I want but it is more than I've been aware of, so thanks again for the help.

Eli
wyldcyde
 
Posts: 29
Joined: Oct 29 03 6:54 am

Postby adrien » Oct 14 05 11:42 pm

We do have plans to improve this aspect of NAT control and policy.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
