EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Sunday 15 December 2024, 10:50:22 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the official Endian Community Mailinglist
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
Endian Internals
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Endian Internals (Read 8794 times)
endboy
Jr. Member
Offline
Posts: 1
Endian Internals
«
on:
Friday 24 December 2010, 06:52:40 pm »
Hi,
I currently manage a small companies network. Currently, I use a debian linux server with squid as proxy, iptables etc.
However, there are various things which I cannot do because of which I considering a custom firewall product like Endian.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block facebook through their http url, people can still access https version of same URL because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. Can Endian offer a better solution than this?
2) Also if I want to block no of sites, I have enter all their URLs manually. Is there something Endian offers to ease this?
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Does Endian do this? How?
So can current users of Endian tell me if Endian is suitable product for my needs?
Logged
bernieL0max
Full Member
Offline
Posts: 30
Re: Endian Internals
«
Reply #1 on:
Monday 24 January 2011, 11:58:52 pm »
just a of short responses...
1. If you wanted to filter all outgoing HTTP/HTTPS requests, and not require the proxy to be manually configured you would enable the Endian transparent proxy, and block direct outgoing requests on those ports. I believe (and I may be wrong), that the content filter can then only block based on URL/IP from categorised sites and blacklists.
2. The Endian HTTP content filter is 'content aware', it can be configured to block based on categories, decided by a (configurable) combination of previously categorised sites, content, phrases and keywords, as well as custom blacklists and whitelists.
3. You need to disable Universal Plug and Play (UPnP), and/or the Internet Gateway Device protocol (IGD) on your router!
4. Your default outgoing rule should always be 'DENY'; only ports & services that you explicitly allowed should be allowed out... leaving apps that use random or unusual ports, such as P2P & Torrent unable to connect to servers/peers/seeds. This will also improve when you disable UPnP/IGD.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com