PDA

View Full Version : Block Chat - Group Wise



manuadoor
2010-03-08, 03:26
Dear Team,

I want to allow Gtalk/Yahoo chat only for certain users/group and to block for the rest. What to do?

rubber_chicken
2010-03-08, 03:55
Put a web filter/proxy in front of your firewall and force everyone to use that.

manuadoor
2010-03-08, 04:44
You mean to say that its not possible to control groupwise in Checkpoint, Right..

boldin
2010-03-08, 12:25
It may be possible after the changes take effect from where CP bought out the FaceTime database...

I don't know when those will become available, but for right now I think it's speculative to guess.

In any case, I don't know of a way to do what you're asking at the current time using the current Check Point tools/technology.

rubber_chicken
2010-03-08, 14:40
I don't know of a way to do what you're asking at the current time using the current Check Point tools/technology.

Ditto here: the problem as I see it is that you're wanting to be quite granular with combination of both application and user level.

For now your best bet is to put a web filter in place (BlueCoat/M86 Security/Websense/... etc) and do it there.

northlandboy
2010-03-08, 15:03
You mean to say that its not possible to control groupwise in Checkpoint, Right..

Part of your problem is identifying those users. Do you want them all to authenticate to the firewall first? How do you want the firewall to know which connection matches which user?

There's also the problem of blocking the services themselves. Some, such as GTalk, are easy to block (read Google's instructions for this). But others, such as Skype, are quite difficult to block, due to the nature of Skype.

If you want proper control over what your users are doing, the right answer is a proxy, and force them to use that. If you're not already proxying your users, you've got no visibility and no evidence. Plus if you've got a few users, you're wasting bandwidth, but that's a different issue.