How to block ports for certain users only?

Post by bruce » Nov 13 15 7:31 pm

Hi, I can block ports in Extended Networking. But it is for everyone. How do I apply the block to certain users only?
Thanks!
bruce
 
Posts: 6
Joined: Nov 13 15 7:19 pm

Re: How to block ports for certain users only?

Post by adrien » Nov 17 15 1:34 pm

Hi Bruce

The port security tab only allows setting policy on destination port.

However, you can use flow-chart policy attached to the NAT Controller events to effect policy based on more information such as the client IP, or destination IP etc.

So you would need to open the port for all users, and block it for all the others in flow-chart policy (WinGate > Control Panel > Policy).

There you would create a new policy for NAT controller: ClientConnect event.

Drag the WinGate NAT: ClientConnect item onto the worksheet, and connect it to an item which checks which users you want to block. E.g. based on IP or some other aspect. If it matches, then use a Result object to disconnect.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: How to block ports for certain users only?

Post by bruce » Nov 20 15 5:00 pm

I have tried the following, but Request.Port is never matched in List lookup.
The user matching is working, I have confirmed by dragging User's Yes node directly to Disconnect, and the user received no data when accessing internet.
I have tried Session.ServerPort too. What could be the problem?

[Attached screenshot: 000278.png]
bruce
 
Posts: 6
Joined: Nov 13 15 7:19 pm

Re: How to block ports for certain users only?

Post by adrien » Nov 22 15 7:03 am

Hi

The event you connected to was the www proxy server: request event, which is not the event that occurs for NAT traffic. Does the rule get hit in any way at all? To block ports for NAT you need to attach a rule to the NAT controller event.

Also, blocking port 80 will block 99% of all web traffic.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: How to block ports for certain users only?

Post by bruce » Nov 23 15 3:35 pm

adrien wrote:

Hi

The event you connected to was the www proxy server: request event, which is not the event that occurs for NAT traffic. Does the rule get hit in any way at all? To block ports for NAT you need to attach a rule to the NAT controller event.

Also, blocking port 80 will block 99% of all web traffic.

Adrien

Thanks, "WinGate NAT: ClientConnect" is working.
Some questions:
1. How to call a policy which has a Javascript block, and get the boolean result from that JavaScript, so that the "Call Policy" block has a Yes and a No node?
2. If I want to block port 1025 to 5221, 5229 to 9999 and 10002 to 65535. What is the best way to achieve this? JavaScript?
3. How to close all incidents instead of closing one by one?
4. I think the Policy Editor should be created as a window that appears on Windows taskbar, instead of contained inside WinGate Management. It's very annoying to have to constantly minimize and restore the editors.

Thank you very much.
bruce
 
Posts: 6
Joined: Nov 13 15 7:19 pm

Re: How to block ports for certain users only?

Post by adrien » Nov 25 15 2:57 pm

Hi

1. How to call a policy which has a Javascript block, and get the boolean result from that JavaScript, so that the "Call Policy" block has a Yes and a No node?


You can use a called policy to set a value in event data, which you can switch on in the calling policy, but there's no result passed back, and if the called policy hits a result other than "allow" then it actually doesn't return to the calling policy at all.

2. If I want to block port 1025 to 5221, 5229 to 9999 and 10002 to 65535. What is the best way to achieve this? JavaScript?


Yes, I think you would need to use some script, such as

(Request.Port >= 1025 AND Request.Port <= 5221) OR (Request.Port >= 5229 AND Request.Port <= 9999) etc

3. How to close all incidents instead of closing one by one?


There's no real way to do this, sorry. It would be hard to provide individual messages when closing multiple incidents.

4. I think the Policy Editor should be created as a window that appears on Windows taskbar, instead of contained inside WinGate Management.


It used to work like this, I wonder if later versions of Windows broke it. I'll take a look. They are in separate frame windows, so should be alt-tabable etc.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland
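
The range check from question 2 written out in full, as an added example that is not part of the original posts and is not WinGate's own code. It is plain JavaScript; the helper names are hypothetical, and how the port value is read from the WinGate event is not shown. It also lists the ports that stay open, which is the quickest way to review the rule.

```javascript
// Added example, not WinGate code. Ranges are the ones from question 2.
// All function names here are hypothetical helpers.
const BLOCKED_RANGES = [
  [1025, 5221],
  [5229, 9999],
  [10002, 65535],
];

// Parse a port value strictly; returns null for anything that is not an
// integer in 1..65535 (e.g. "80abc", "", 0, 70000, 80.5).
function parsePort(value) {
  const text = String(value).trim();
  if (!/^\d{1,5}$/.test(text)) return null;
  const port = Number(text);
  return port >= 1 && port <= 65535 ? port : null;
}

// True when the connection should be disconnected. Fails closed: a port
// that cannot be parsed is treated as blocked.
function isBlockedPort(value, ranges = BLOCKED_RANGES) {
  const port = parsePort(value);
  if (port === null) return true;
  return ranges.some(([low, high]) => port >= low && port <= high);
}

// Complement of the blocked ranges over 1..65535: the ports that remain
// open. Reviewing this list shows whether the rule set blocks what was
// intended and nothing else.
function allowedRanges(ranges = BLOCKED_RANGES) {
  const sorted = [...ranges].sort((a, b) => a[0] - b[0]);
  const allowed = [];
  let next = 1; // lowest port not yet covered by a blocked range
  for (const [low, high] of sorted) {
    if (low > next) allowed.push([next, low - 1]);
    next = Math.max(next, high + 1);
  }
  if (next <= 65535) allowed.push([next, 65535]);
  return allowed;
}

console.log(allowedRanges());
```
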

Re: How to block ports for certain users only?

Post by royjm22 » Mar 22 16 10:12 pm

Really, I am not able to understand how to create the chart policy. I want to create a policy so that a request for one specific website is routed to one of our internal servers itself, or a request for a specific website is rerouted to another server gateway that already exists in our network. Can anyone help me to create a policy for this request?
royjm22
 
Posts: 21
Joined: Feb 08 16 1:08 am

Re: How to block ports for certain users only?

Post by MattP » Mar 23 16 7:38 pm

Hi,

You can create a flowchart policy to do this.

[Attached screenshot: http_redirect_policy.png]


This policy works on the WWW Proxy::ProxyRequest event, so will only apply to http traffic. If you want to control http and https you'll need to create the policy as a Request event policy.

The first check in the policy is for Request.Server and checks the requested site against a data list. No match means that the site is not redirected, so the request is allowed. A matched site will result in the site being diverted.

You can download the policy here:
http://www.wingate.com/downloads/HTTP_redirect.zip

You will need to create the data list to check against in Control Panel::Data::Global Data and you will need to edit the redirect site.

Matt
MattP
Qbik Staff
 
Posts: 991
Joined: Sep 08 03 4:30 pm

