This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

setting up instant messaging

Hi all

I want to allow some users to use msn and yahoo messenger, I have HTTP proxy with AD SSO so I allowed IM/chat categories for the users, I put the IP addresses in the exception list of IM/P2P.
do I need to do something else? the messengers are not working.
another question if I allowed IM/chat categories and turn off IM controlling do I have to create Packet filter rules to allow the messengers?

thanks

This thread was automatically locked due to age.

Parents

0 BarryG over 17 years ago

You need PF rules unless the IM clients are using HTTP through the proxy or you've setup them up in with the SOCKS proxy.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 newuser_01 over 17 years ago in reply to BarryG

But using messengers with HTTP proxy is not working? in the logs always "connection to server timed out" when trying to use MSN Messenger?
And I am confused: when I use the HTTP proxy and allow chat/im cats do I need to add the ip addresses in IM/P2P exception list?
do I have to configure IM clients to use the http proxy too?
Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 newuser_01 over 17 years ago in reply to newuser_01

any one having the same problem?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 newuser_01 over 17 years ago in reply to newuser_01

any one having the same problem?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 17 years ago in reply to newuser_01

Like Barry said, you definitely need the packet filter ruiles - a firewall blocks all traffic by default.

As for the Exceptions in IM/P2P: Since you have AD SSO, I thought you could assign the exception to the "'username' (User network)" instead of to hard-coded IP addresses. I haven't actually tried that though.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 newuser_01 over 17 years ago in reply to BAlfson

I will give it a try
Cancel
Vote Up 0 Vote Down

Cancel
0 newuser_01 over 17 years ago in reply to newuser_01

Well I have done the following
Created a PF rule (didn't work)
Created exception in IM/P2P and in IPS (didn't work)
Created SNAT rule only for messaging (didn't work)
The only thing that worked is to have SNAT user IP address->any->any(external interface)
Which I don't want to do because it will bypass HTTP proxy
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 17 years ago in reply to newuser_01

Hmmm....

You don't need to worry about IPS. I'm guessing from your successful SNAT idea that the problem is in the Packet Filter rules.

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel