List: sidewinder
Subject: [Sidewinder] Re: Messenging
From: sidewinder-admin () adeptech ! com
Date: 2003-11-11 17:41:30
All,
The issue we found with IM is that the clients will call home to "momma" on just about every port from 21 to 80 if they cannot get out on the appropriate ports.
It depends a lot on how much you want to modify your firewall.
One thing we did was point the domains for the IM clients to the local loopback adapter using onboard firewall DNS. This made anyone trying to resolve msgr.hotmail.com {as an example} talk to their system's own NIC.
This however did not help when people put in the specific IP addresses of the destination. In that case what we did was tell the firewalls if people were going to x.x.x.x then DENY the outbound access. This pretty much put a stop to it.
However, as IM has become more of a business tool {we have vendors requiring it as part of the service} we evaluated the various products and have installed Akonix Enforcer and the Akonix L7 Gateway products onto our network.
Richard St. John
> > > sidewinder-admin@adeptech.com 11/11/03 11:00AM >>>
Send Sidewinder mailing list submissions to
sidewinder@adeptech.com
To subscribe or unsubscribe via the World Wide Web, visit
http://mail.adeptech.com/mailman/listinfo/sidewinder
or, via email, send a message with subject or body 'help' to
sidewinder-request@adeptech.com
You can reach the person managing the list at
sidewinder-admin@adeptech.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Sidewinder digest..."
Today's Topics:
1. RE: FW: VPN (sidewinder-admin@adeptech.com)
2. Messenging (sidewinder-admin@adeptech.com)
--__--__--
Message: 1
Date: Mon, 10 Nov 2003 23:55:42 -0500
Subject: RE: [Sidewinder] FW: VPN
To: sidewinder@adeptech.com
From: sidewinder-admin@adeptech.com
Reply-To: sidewinder@adeptech.com
I actually fixed the problem. It turns out it's a terminology issue between
the sidewinder and the PIX (humm, cisco using a different terminology than
everyone else, sounds like deja-vu).
I've configured a dynamic restricted connection and created an identity
with a bogus email address. Then I used the command (on the pix) "isakmp
identity key-id [my bogus email]" and it worked. It uses that string as
its identity.
So, "email" for sidewinder is the same as "key-id" for pix. Who is off
standard, I don't know. I actually was using the email identities for the
sales rep but I didn't think that it could be used with the PIX.
Hope this helps someone else too!
> try to make NAT at home. Give the PIX a private IP address and use this as
> remote identity on the sidewinder. Further you need to configure the PIX in
> the aggressive mode and define the SA in the Sidewinder as a restricted
> client.
--__--__--
Message: 2
Date: Tue, 11 Nov 2003 10:20:11 -0500
To: <sidewinder@adeptech.com>
From: sidewinder-admin@adeptech.com
Reply-To: sidewinder@adeptech.com
Subject: [Sidewinder] Messenging
This question probably has been asked before but did anyone successfully block messaging with a sidewinder (G2)? I mostly have a problem with yahoo and MSN.
Thanks
--__--__--
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
End of Sidewinder Digest
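
An added example, not part of the thread or of any Sidewinder tooling: a log audit for the two controls described in the reply at the top (IM domains resolved to loopback, and DENY rules for the IM server addresses), which also flags clients trying several ports in the 21 to 80 range. The log layout, the documentation-range IP addresses standing in for "x.x.x.x", the client addresses and the two-port threshold are constructed assumptions; only msgr.hotmail.com comes from the message.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): the log layout, the documentation-range
# network standing in for "x.x.x.x", and all client addresses.
SINKHOLED = {"msgr.hotmail.com"}            # name the firewall DNS maps to loopback
IM_SERVER_NETS = [ipaddress.ip_network("203.0.113.0/24")]
FALLBACK_PORTS = range(21, 81)              # "every port from 21 to 80"

# Constructed sample lines: "dns <client> <name> <answer>" or
# "conn <client> <dst_ip> <dst_port> <allow|deny>"
SAMPLE_LOG = """\
dns 10.1.1.20 msgr.hotmail.com 127.0.0.1
conn 10.1.1.20 203.0.113.7 1863 deny
conn 10.1.1.20 203.0.113.7 80 deny
conn 10.1.1.20 203.0.113.7 21 deny
dns 10.1.1.31 msgr.hotmail.com 203.0.113.7
conn 10.1.1.31 203.0.113.7 80 allow
conn 10.1.1.44 198.51.100.9 80 allow
"""

def audit(log_text):
    """Return (sinkhole_misses, port_hoppers, leaks) found in the log text."""
    misses, leaks = [], []
    ports_tried = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "dns":
            _, client, name, answer = fields
            # A sinkholed name must only ever resolve to a loopback address.
            if (name.lower().rstrip(".") in SINKHOLED
                    and not ipaddress.ip_address(answer).is_loopback):
                misses.append((client, name, answer))
        elif fields[0] == "conn":
            _, client, dst, port, action = fields
            if not any(ipaddress.ip_address(dst) in net for net in IM_SERVER_NETS):
                continue                    # not an IM server, ignore
            if int(port) in FALLBACK_PORTS:
                ports_tried[client].add(int(port))
            if action == "allow":           # the DENY rule did not cover this flow
                leaks.append((client, dst, int(port)))
    # Two or more fallback ports toward IM servers marks a port-hopping client.
    hoppers = {c: sorted(p) for c, p in ports_tried.items() if len(p) >= 2}
    return misses, hoppers, leaks
```

A non-empty first or third result means a control has a gap (a resolver path that skips the override, or an address missing from the DENY rule); the second result lists the hosts that still have an IM client installed.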