Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » HOW TO FORCE CLIENTS TO PASS THROUGH PROXY SERVER?
  •  
_MKY_

Messages: 11

Karma: 0
Send a private message to this user
Anyone knows how can i force the clients to pass through the proxy server only.
for example:
I defined:
*my winroute firewall:192.168.2.100
*clientes with fixed ip address.
*on the internet explorer of clients i setup the proxy:
proxy server:192.168.2.100, port:8080
BUT THE CLIENT where setup is
"autodetect configuration"
still have access to internet!!!!

WHAT CAN I DO for deny the access to internet when the proxy is not setup?
  •  
wiper

Messages: 112
Karma: -1
Send a private message to this user
what about those BIG letter???? drop'em...

u have only KWF as gateway? then u might try to block tcp80 out. but ur user still can use internet proxy if they know how.

It sounds like u need outgoing filter aswell, allow only what traffic u will let out... tcp8080 for surf for example.

/W

[Updated on: Tue, 18 January 2005 08:25]

  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Create the following traffic rules:

name: HTTP internet
source: firewall
dest: internet
service: HTTP, HTTPS
action: allow
translation: none

name: LAN HTTP proxy
source: LAN
dest: firewall
service: HTTP Proxy
action: allow
translation: none

name: block HTTP
source: LAN
dest: internet
service: HTTP, HTTPS
action: deny
translation: none
log: packets (to detect internet access tries)

The default proxy port is 3128 (for KWF). If you want to use port 8080 you have to change the port in the HTTP Proxy service.

Best practice for firewall configuration is deny all. Create rules that allow specific traffic after you have checked the traffic is needed.

Feite
  •  
_MKY_

Messages: 11

Karma: 0
Send a private message to this user
thxs 4 ALL....
i used that 1 week ago, but i found trouble with pop3 and smtp services.
My rules was differents; I permit all services and only was denied de http and https services, and it works but with the problem of mail.
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Disable the protocol inspector for SMTP and POP3
  •  
_MKY_

Messages: 11

Karma: 0
Send a private message to this user
I did that 1 week ago too, but i still have the problem.
any idea?
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
How did you disable the protocol inspector? In the traffic rule or did you do that in the service definition? I would recommend to create two traffic rules, one for SMTP and one for POP3. In that traffic rule you set the protocol inspector to none.
  •  
_MKY_

Messages: 11

Karma: 0
Send a private message to this user
In the service definition.
I'll to create the two traffic rules u say, that's a very interesting idea.
  •  
_MKY_

Messages: 11

Karma: 0
Send a private message to this user
still not work....
any idea?
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Are you using the latest version of KWF (6.0.9)?
  •  
_MKY_

Messages: 11

Karma: 0
Send a private message to this user
no, the kwf 6.0.1, but i solved the problem.
THX 4 ALL!!!.
the problem was in the firewall, in some moment between the traffic from:
1)lan to firewall, and
2)firewall to internet
the pop3 packet was eliminated.
the roule is SO SIMPLE!!

src:lan, fw, inet
dtn:lan, fw, inet
permit: dns, http proxy, pop3, smtp
LOG: yes.
NAT: yes.

SRY 4 THE RULE , IS TO BASIC, ILOGIC AND devoid of knowledge, but this works for me.
i hope optimize that.

MKY
Previous Topic: Problem With Authentication KWF 6.0.9
Next Topic: Restrict number of VPN connections
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 17 20:41:08 CET 2017

Total time taken to generate the page: 0.00515 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.