Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » howto force users to use kwf's server cache and rules
  •  
siac

Messages: 3
Karma: 0
Send a private message to this user
without settings (=browser options, etc) on users' workstation (considering users can change them easily)
how to force all the requests (mostly HTTP's) and make sure they use kwf proxy, cache and http policies??

i'm thinking about routing all requests on 80, 3128, 8080 (common public proxies used to by pass kwf rules) to local.server.kwf.ip:3128 (where proxy enabled)

how can i get this done? i'm currently using 5.0.X

thank you
  •  
luizfef

Messages: 28

Karma: 0
Send a private message to this user
In nat rule:

under the rule Locall Traffic:

Source: Lan
Destination: any
Service: Http proxy
action: Permit
Translation: Nat Default
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Permit???
Shouldn't you DENY proxies if the topic starter wants to BLOCK the use of external proxies to bypass KWF?
  •  
luizfef

Messages: 28

Karma: 0
Send a private message to this user
In nat rule:

under the rule Locall Traffic:

Source: Lan
Destination: firewall
Service: Http proxy
action: Permit
Translation: Nat Default

With this rule (in first place), the destination is closed (only accessible using the KWF host)
  •  
siac

Messages: 3
Karma: 0
Send a private message to this user
thanx luizfef
ok here's the case, its 10-20 users behind kw firewall, and i drop streaming extensions and some "bad" url in http policies.

i tried this >>
Source: Lan
Destination: firewall
Service: Http proxy
action: Permit
Translation: Nat Default

Yes it works with the browser connection settings by default (blank, or automatically detect)
but its not if the user do know it was blocked then by-passing it with external proxies.
so ur rule is working, but may be i need it to be the ONLY rule that works Smile

thanx n need help again

ps: i did try settings in translation:port mapping - not sure what it does tho
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
You need to DENY other proxies.

So a rule that PERMITS proxy connection to the firewall and a rule BELOW THIS ONE that DENIES proxy connections in general.

So something like:

Source: Lan
Destination: firewall
Service: Http proxy
action: Permit

Source: any
Destination: any
Service: any
action: drop

Then the only thing allowed is proxy connections to your firewall. (Should you want to allow more, then add rules above the 'any, any, any, drop' rule. This rule should always be the last one.)
  •  
luizfef

Messages: 28

Karma: 0
Send a private message to this user
  •  
siac

Messages: 3
Karma: 0
Send a private message to this user
i never aware of orders
and there're imported rules from prev version in between.
its working now, thanks guys
Previous Topic: Port Forwarding in Gunz Online???
Next Topic: Yahoo Messenger Webcam?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 17:55:48 CET 2017

Total time taken to generate the page: 0.00426 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.