Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 3063 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

setting up instant messaging

newuser_01
Hi all

I want to allow some users to use msn and yahoo messenger, I have HTTP proxy with AD SSO so I allowed IM/chat categories for the users, I put the IP addresses in the exception list of IM/P2P.
do I need to do something else? the messengers are not working.
another question if I allowed IM/chat categories and turn off IM controlling do I have to create Packet filter rules to allow the messengers?

thanks


This thread was automatically locked due to age.
  • 0
    You need PF rules unless the IM clients are using HTTP through the proxy or you've setup them up in with the SOCKS proxy.

    Barry
  • 0 in reply to BarryG
    But using messengers with HTTP proxy is not working? in the logs always "connection to server timed out" when trying to use MSN Messenger?
    And I am confused: when I use the HTTP proxy and allow chat/im cats do I need to add the ip addresses in IM/P2P exception list? 
    do I have to configure IM clients to use the http proxy too?  
    Thanks
  • 0 in reply to newuser_01
    any one having the same problem?
  • 0 in reply to newuser_01
    Like Barry said, you definitely need the packet filter ruiles - a firewall blocks all traffic by default.

    As for the Exceptions in IM/P2P: Since you have AD SSO, I thought you could assign the exception to the "'username' (User network)" instead of to hard-coded IP addresses.  I haven't actually tried that though.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to newuser_01
    Well I have done the following 
    Created a PF rule (didn't work)
    Created exception in IM/P2P and in IPS (didn't work)
    Created SNAT rule only for messaging (didn't work)
    The only thing that worked is to have SNAT user IP address->any->any(external interface)
    Which I don't want to do because it will bypass HTTP proxy
  • 0 in reply to newuser_01
    Hmmm....

    You don't need to worry about IPS.  I'm guessing from your successful SNAT idea that the problem is in the Packet Filter rules.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I have the same problem, I have HTTP proxy with AD SSO and all IM/P2P are blocked but I need to allow some especific user to use Gtalk an MSN Messenger.I tried adding an exception by user and by Host didn't work, created PF rules also didn't work, gave permissions to the chat category in the http profile....the only way to make it work is disabling the Gtalk IM blockage...anyone who got a solution?
  • 0
    I would check your logs while someone tries to connect with IM and see what is being reported. Without the logs, it's hard to tell which service may be giving you fits. If you post them, I'm sure we'd be glad to help out.