Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » How to Allow and Deny some specific program
  •  
burger_khmer

Messages: 2
Karma: 0
Send a private message to this user
Hello Now I'm facing with some problem. My bose order me to do some task like Deny skype but allow yahoo messenger. I don't know how to solve this problem. Could anybody please find the solution to this problem. Thnk forward.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
burger_khmer wrote on Mon, 11 August 2008 10:57

Hello Now I'm facing with some problem. My bose order me to do some task like Deny skype but allow yahoo messenger. I don't know how to solve this problem. Could anybody please find the solution to this problem. Thnk forward.

Well, you can't. You can only block based on program on the PC running the program themselves, so you'd have to install (some other) firewall on all individual PC's if you want to do that.

On a firewall located on the LAN border you can only filter based on IP ports, sources and destinations. Skype uses HTTP port 80, so you can't block that without completely disabling the web. You could in theory block all Skype servers, preventing Skype from logging in. You would need a list of all Skype's servers... Doubt that's practically possible either though, because such a list might be very long and ever changing or may not publicly exist.

(Why not simply remove Skype from the client PC's and make sure everyone is running as restricted user and can't install any software themselves?)
  •  
burger_khmer

Messages: 2
Karma: 0
Send a private message to this user
Yes that's true. another thing like if I want to block only Yahoo Messenger could you please tell me which port should I block. I used to block 5000-5500 port number rang, but It dosen't work at all. I don't which port that Yahoo Messenger is using. Thank you for your time to consider me.
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
burger_khmer wrote on Tue, 12 August 2008 02:59

Yes that's true. another thing like if I want to block only Yahoo Messenger could you please tell me which port should I block. I used to block 5000-5500 port number rang, but It dosen't work at all. I don't which port that Yahoo Messenger is using. Thank you for your time to consider me.

Kind of the same story as with Skype. Yahoo Messenger may default to specific ports, but will happily use any other port that is available if the default port is unavailable. So it is next to impossible to block such programs by blocking ports. You'd have to block Yahoo's login servers.

Best way to disallow certain programs is to prevent them getting installed on the users workstations in the first place IMHO. Otherwise it gets mighty difficult.
Previous Topic: how I change http port from 80 to another number?
Next Topic: No internet, please help!
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 24 09:32:16 CEST 2017

Total time taken to generate the page: 0.00407 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.