
Functionality of IM/P2P Security

Hi,

Can someone explain to me how IM/P2P Security works?

• How does ASG 7 permit the IM/P2P traffic (does it make packet filter rules)?
• Do I have to redirect the IM/P2P traffic to the client that is allowed to use IM/P2P?
• If I have more than one network (DMZ, Internal, …), can I control the IM/P2P traffic to these networks (for example, allow the IM/P2P traffic just to the DMZ)?
• Can I monitor (log) the IM/P2P traffic?
• Is it possible to control when (for example, from 11:00 to 13:00) the IM/P2P is allowed?

Thank you,
Regards
dema


  • If you used the post-install wizard, it makes packetfilter rules to allow IM, etc.

    You probably do want to use DNAT to forward incoming P2P.

    For IM, I'd recommend using ASL's SOCKS proxy instead, if your IM clients work with SOCKS.

    Yes, you can allow traffic per host or per network.

    Logging P2P traffic would be a bad idea as the logs would get huge. IM should be OK.
    You could do accounting however.

    Time-based rules can be created.

    Barry
    • IM/P2P control is basically nothing but IPS rules with a dedicated interface (the menus there control SNORT). There is not a way to use time-based actions with these. Also, in V7, there have been some issues with those rules, which have been reported to Astaro.

      CTO, Convergent Information Security Solutions, LLC

      https://www.convergesecurity.com

      Sophos Platinum Partner

      --------------------------------------

      Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

      • To Allow IM/P2P, the wizard creates PF rules.

        To Block P2P, ASL7 uses the IPS (Snort).

        ISTM one could modify the PF rules to be time-based.

        I know some P2P software will try to find any open ports, but it may be manageable.

        Barry