Need help

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Postby ntm » Sep 28 07 8:37 pm

Hi

How do I block certain PCs/users from accessing the web but allow them to check an external POP/SMTP server for mail?

Thanks.
ntm
 
Posts: 17
Joined: Sep 28 07 8:31 pm

Postby logan » Sep 29 07 2:57 pm

This really depends on how your client computers are connecting through WinGate.

If you were using NAT for example, you just need to modify your Extended Networking Policies to block these computers access to port 80. They will still be allowed access to port 25 and 110, so they will be able to check their email from an external server.

If you are using the WGIC, you can do the same policy adjustments as you would for NAT above, except on the Winsock Redirector Service.

If you are using the proxies, simply deny these computers access to the WWW Proxy, but let them access the POP3 Proxy and the SMTP Mapping or Server.


If you could give the forum some more details about how your clients are connecting through WinGate, we can give you a more specific example.
logan
Qbik Staff
 
Posts: 671
Joined: Oct 19 06 2:49 pm
Location: Auckland, New Zealand

Postby ntm » Sep 29 07 5:26 pm

All the clients connect through the gateway (WinGate is installed on it) to get out.
ntm
 
Posts: 17
Joined: Sep 28 07 8:31 pm

Postby logan » Oct 02 07 6:39 am

We have already established that your clients are connecting through WinGate. You need to give us more details about how they are connecting through WinGate. More specifically, are you using NAT, the WinGate Internet Client, or the Proxies to connect to the internet through WinGate?
logan
Qbik Staff
 
Posts: 671
Joined: Oct 19 06 2:49 pm
Location: Auckland, New Zealand

Postby ntm » Oct 02 07 1:45 pm

We are using NAT to access the internet. The setting only applies to some of the clients.
ntm
 
Posts: 17
Joined: Sep 28 07 8:31 pm

Postby logan » Oct 03 07 10:22 am

Thanks for letting the forum know what connection method you are using. I have included a guide to restrict certain client computers to ports 25 (SMTP) and 110 (POP3) only.

This whole scenario can be done using one policy in the ENS. What we are basically going to do is specify some computer IP addresses that should not be allowed access to the ENS in a Policy Filter, and then create a couple of other Filters that grant everyone access to ports 25 and 100, including the computers that were previously restricted from ENS access. This guide assumes that you have not created any custom policies in the ENS yet.

1. Navigate to Gatekeeper -> Extended Networking -> Policies
2. Change the default rights to "are ignored" to prevent the ENS from using the System Policies
3. Click Add to create a new policy (there should be no other policies in the list at this point)
4. Go to the Advanced tab of the new policy
5. Select "Specify which requests this recipient has rights for"
6. Click Add Filter

7. Click Add Criterion
8. Select
[This criterion is NOT met if]
[Client IP address]
[equals]
[enter the IP address of a computer that should only have access to email]
9. Click OK

Repeat steps 7 -> 9 for any other computers that should only have email access.

10. Click Add Filter
11. Click Add Criterion
12. Select
[This criterion is met if]
[Server port number]
[equals]
[25]
13. Click OK

14. Click Add Filter
15. Click Add Criterion
16. Select
[This criterion is met if]
[Server port number]
[equals]
[110]
17. Click OK

18. Click OK, then OK to finalise all changes.


If this was done right, all your computers will now be able to access email, but only the computers that aren't specified in the first filter will have full access to the internet. Here is an image showing what this policy's Advanced tab should look like when it is finished.

Image
logan
Qbik Staff
 
Posts: 671
Joined: Oct 19 06 2:49 pm
Location: Auckland, New Zealand
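
A small model of the three-filter policy from the guide above, added here as an illustration; it is not part of the original posts and not WinGate code. It assumes a request is allowed when any filter matches and that a filter matches only when all of its criteria are met; the client IP addresses are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    client_ip: str
    server_port: int

# Criteria mirror the dialog choices in steps 8, 12 and 16.
def ip_not_equals(ip):      # "[This criterion is NOT met if] Client IP equals ip"
    return lambda req: req.client_ip != ip

def port_equals(port):      # "[This criterion is met if] Server port equals port"
    return lambda req: req.server_port == port

def build_policy(email_only_ips):
    """Filter 1 excludes the email-only clients; filters 2 and 3 open 25 and 110."""
    return [
        [ip_not_equals(ip) for ip in email_only_ips],  # steps 6-9
        [port_equals(25)],                             # steps 10-13 (SMTP)
        [port_equals(110)],                            # steps 14-17 (POP3)
    ]

def allowed(filters, req, within_filter=all):
    # Assumed semantics: filters are OR'd, criteria inside a filter are AND'd.
    # Pass within_filter=any to see what happens if criteria were OR'd instead.
    return any(within_filter(c(req) for c in f) for f in filters)

def audit(filters, clients, ports, within_filter=all):
    """Return {(client_ip, port): allowed?} for every client/port pair."""
    return {(ip, p): allowed(filters, Request(ip, p), within_filter)
            for ip in clients for p in ports}

# Constructed sample network: two email-only clients, one unrestricted client.
EMAIL_ONLY = ["192.168.0.10", "192.168.0.11"]
CLIENTS = EMAIL_ONLY + ["192.168.0.20"]
PORTS = [25, 80, 110, 443]

if __name__ == "__main__":
    table = audit(build_policy(EMAIL_ONLY), CLIENTS, PORTS)
    for (ip, port), ok in sorted(table.items()):
        print(f"{ip:>13} -> port {port:<3} {'allow' if ok else 'DENY'}")
```

Under these assumptions the email-only clients are limited to ports 25 and 110 (so 443 is denied as well as 80), and listing several clients in filter 1 only works because the "NOT met" criteria are combined with AND.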

