I want to cut access to the internet for programs on the wingate machine.
Tried to set ENS Firewall rule: Port security; LAN to internet to deny, but doesnt change anything.
I am NOT using: NAT and Transparent proxying
All traffic form LAN and Wingate Server should got through defined proxies
Preventing Access from Qbik Server onto Internet
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Preventing Access from Qbik Server onto Internet
by blpot » Jun 15 08 10:49 pm
- blpot
- Posts: 7
- Joined: May 12 08 10:12 pm
Re: Preventing Access from Qbik Server onto Internet
by logan » Jun 16 08 4:38 pm
WinGate is a client/server application that controls the Internet access of client computers. So WinGate doesn't provide much control over local connections to the internet like you are requesting.
Are you able to install WinGate on a dedicated server in the network? I'm sure you will find your level of control over the clients much better if WinGate is installed on a server between the clients and the Internet like suggested in the WinGate installation guide.
Are you able to install WinGate on a dedicated server in the network? I'm sure you will find your level of control over the clients much better if WinGate is installed on a server between the clients and the Internet like suggested in the WinGate installation guide.
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
Re: Preventing Access from Qbik Server onto Internet
by blpot » Jun 17 08 6:13 am
High logan.
Wingate is already installed on a dedicated machine. My consideration and condern is, to have double security. What happens when Wingate machine is attacked. For instance, if malware ,on what way ever, finds its way to the wingate machine this malware can easily establish connection to the internet. I.e SMTP spammer program. If this would be locked, the malware would have to use proxies, and know the right configurations.
On my firewall machine there is no need for any program to reach the internet, except wingate itself. So it´s near to close all wholes.
Wingate is already installed on a dedicated machine. My consideration and condern is, to have double security. What happens when Wingate machine is attacked. For instance, if malware ,on what way ever, finds its way to the wingate machine this malware can easily establish connection to the internet. I.e SMTP spammer program. If this would be locked, the malware would have to use proxies, and know the right configurations.
On my firewall machine there is no need for any program to reach the internet, except wingate itself. So it´s near to close all wholes.
- blpot
- Posts: 7
- Joined: May 12 08 10:12 pm
Re: Preventing Access from Qbik Server onto Internet
by logan » Jun 17 08 3:16 pm
Protecting the WinGate computer from trojans and viruses can be as simple as adopting sound computer use practices.
1. If your network computers are not required to access file sharing on the WinGate computer, disable all file shares.
2. Restrict use of the computer to designated administrators only.
3. Avoid using the computer for internet browsing.
If you want extra protection from the clients in case a client computer gets infected, there are two client side firewall zones that you can adjust. One for client connections to the Internet, and one for client connections to the WinGate computer itself. Using the client -> wingate firewall zone, you can restrict access to service (proxy) ports only, while still allowing all NAT ports.
1. If your network computers are not required to access file sharing on the WinGate computer, disable all file shares.
2. Restrict use of the computer to designated administrators only.
3. Avoid using the computer for internet browsing.
If you want extra protection from the clients in case a client computer gets infected, there are two client side firewall zones that you can adjust. One for client connections to the Internet, and one for client connections to the WinGate computer itself. Using the client -> wingate firewall zone, you can restrict access to service (proxy) ports only, while still allowing all NAT ports.
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 3 guests