Do NOT use SmartDefense. You may be asking for trouble down the road. I've
used SmartDefense for some of the features in there. It works for one thing
but breaks something else along the way. By the way, SmartDefense comes with
Checkpoint. It is built-in. You don't have to pay for it, sort of. You just
have to pay for new updates. Think of it like anti-virus software. The
SmartDefense model is similar to that. If you don't pay, then you cannot
update SmartDefense with new updates.
That being said. I am running R55w with HFA_04 on SPLAT and the way you block
MSN is as follows. I tested it and it works:
Source        Dest                 Service  Action  Track
Internal Net  msn.com              Any      drop    Log
              hotmail.com
              login.passport.com
That being said, it is extremely difficult to block IMs like msn, yahoo,
aol, etc.
Remember to block Terminal Services and ssh while you're at it because if you
don't, people can remote desktop back to their home machine and log in to MSN
that way. Worse, if you allow SSH outbound, you will also allow people to SSH
back to their home machine and tunnel ALL traffic via SSH and you will not be
able to see a thing because the traffic is encrypted. I know because I do
this all the time. But these are for advanced IT folks. Regular users wouldn't
know how to do this, I think.
Try it and let us know. HTH.
cisco4ng
Stig Bull <stig.bull AT HUGINGROUP DOT COM> wrote:
Dear list, I have been given the task of blocking MSN Messenger in the
office firewall.
However, after some rather extensive Googling, I see that this is far
more difficult than it appears to be, and the web sites I found with
claimed solutions for blocking MSN, simply didn't work.
Here's what I've done so far (after Googling):
Blocked access to gateway.messenger.hotmail.com, messenger.hotmail.com
and webmessenger.msn.com; all traffic, inbound and outbound. I've also
blocked port 1863 (TCP, UDP), 6891-6900 (TCP), 5190 (UDP) and 6901
(UDP).
Still people are able to connect MSN Messenger with no problem at all. I
suspect this is because the servers I'm trying to block have several
different IP addresses.
I've read that some think the best way is SmartDefense, but I'm not sure
if I need a license for it. At least it tells me when I try to update it
(NG AI R55 by the way) that SmartDefense updates require a SmartDefense
subscription license, so I really haven't looked into it at all.
Is there any successful way of blocking MSN Messenger which really
works?
--
Regards
Stig Bull
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
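An added example, not part of either message in this thread: a small audit of firewall log lines that counts accepted outbound connections on the Messenger ports listed in the question and on the SSH and Terminal Services paths the reply says to block. The log format, the sample lines, the addresses and the `audit` helper are constructed for illustration; ports 22 and 3389 are the standard SSH and Terminal Services ports, not values from the thread.

```python
import csv
import io
from collections import defaultdict

# Ports named in the thread for MSN Messenger, keyed by (protocol, port).
WATCH = {("tcp", 1863): "msn", ("udp", 1863): "msn",
         ("udp", 5190): "msn", ("udp", 6901): "msn"}
WATCH.update({("tcp", p): "msn-file-transfer" for p in range(6891, 6901)})
# Standard ports for the remote-access paths the reply warns about (assumption).
WATCH[("tcp", 22)] = "ssh"
WATCH[("tcp", 3389)] = "terminal-services"

# Constructed sample export: time,action,src,dst,proto,dport (hypothetical format).
SAMPLE_LOG = """\
09:01:12,accept,10.1.1.20,192.0.2.10,tcp,1863
09:01:40,drop,10.1.1.21,192.0.2.10,tcp,1863
09:02:03,accept,10.1.1.22,198.51.100.7,tcp,22
09:02:30,accept,10.1.1.22,198.51.100.7,tcp,22
09:03:10,accept,10.1.1.23,203.0.113.5,tcp,3389
09:03:55,accept,10.1.1.20,203.0.113.9,tcp,443
09:04:20,accept,10.1.1.24,192.0.2.11,tcp,6895
09:04:41,accept,10.1.1.25,192.0.2.12,tcp,5190
"""

def audit(log_text, internal_prefix="10."):
    """Return {(src, label): count} for ACCEPTED outbound connections on watched ports."""
    hits = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed lines
        _time, action, src, _dst, proto, dport = (f.strip() for f in row)
        # Only traffic the rule base let through, from the internal network.
        if action.lower() != "accept" or not src.startswith(internal_prefix):
            continue
        if not dport.isdigit():
            continue
        label = WATCH.get((proto.lower(), int(dport)))
        if label:
            hits[(src, label)] += 1
    return dict(hits)

if __name__ == "__main__":
    for (src, label), n in sorted(audit(SAMPLE_LOG).items()):
        print(f"{src:<12} {label:<18} {n} accepted connection(s)")
```

Repeated accepted SSH or Terminal Services sessions from one workstation to a single outside address are the entries worth reviewing first, since the payload of those sessions is not visible to the firewall.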