• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Block Google Talk

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> General >> Block Google Talk Page: [1]
Login
Message << Older Topic   Newer Topic >>
Block Google Talk - 17.Sep.2005 6:48:00 AM   
Anjaana

 

Posts: 5
Joined: 5.May2005
From: Pakistan
Status: offline
Dear All,

I have ISA 2K over 2K OS.
I want to block google talk.

Regards,

Anjaana
Post #: 1
RE: Block Google Talk - 17.Oct.2005 10:51:00 AM   
Guest
hi,
go to protocol rule remove the HTTPS protocol from the list of rule you want to apply the said permission....thats all [Smile]

(in reply to Anjaana)
  Post #: 2
RE: Block Google Talk - 1.Dec.2005 9:35:23 AM   
vinaybagla

 

Posts: 2
Joined: 1.Dec.2005
Status: offline
as you rightly said we can block the HTTPS port for blocking googletalk but then blocking the HTTPS port blocks all the secure sites. Can we just not block the voice chat facility of Google Talk or block only Google Talk without hampering access to Secure Sites(i.e.gmail.com, hotmail.com, trading sites..etc etc..)

(in reply to Guest)
Post #: 3
RE: Block Google Talk - 7.Dec.2005 2:52:33 PM   
zzz343

 

Posts: 764
Joined: 19.Feb.2002
From: World's 7th Nuclear Power
Status: offline
Block destination in S&C rule " talk.google.com "
&
Block port 5222  OR  443.

_____________________________

Regards,
Syed Jahanzaib

Email : aacable@hotmail.com

(in reply to vinaybagla)
Post #: 4
RE: Block Google Talk - 9.Dec.2005 7:11:00 PM   
vinaybagla

 

Posts: 2
Joined: 1.Dec.2005
Status: offline
but that blocks the whole of google talk..cant only the voice chat be blocked...?

(in reply to zzz343)
Post #: 5
RE: Block Google Talk - 21.Jan.2007 2:28:26 PM   
ameya.sathye

 

Posts: 3
Joined: 21.Jan.2007
Status: offline
I have created a rule to block the Google talk application. here is the policy
_________________________


<?xml version="1.0" encoding="UTF-8"?>
<fpc4:Root xmlns:fpc4="http://schemas.microsoft.com/isa/config-4" xmlns:dt="urn:schemas-microsoft-com:datatypes" StorageName="FPC" StorageType="0">
<fpc4:Build dt:dt="string">4.0.2165.594</fpc4:Build>
<fpc4:Comment dt:dt="string"/>
<fpc4:Edition dt:dt="int">80</fpc4:Edition>
<fpc4:ExportItemClassCLSID dt:dt="string">{59740B3A-8771-492C-AF59-7764F4F939EF}</fpc4:ExportItemClassCLSID>
<fpc4:ExportItemStorageName dt:dt="string">{8E707815-6D40-442D-8E29-B359BEEDB877}</fpc4:ExportItemStorageName>
<fpc4:IsaXmlVersion dt:dt="string">1.10</fpc4:IsaXmlVersion>
<fpc4:OptionalData dt:dt="int">4</fpc4:OptionalData>
<fpc4:Upgrade dt:dt="boolean">0</fpc4:Upgrade>
<fpc4:Arrays StorageName="Arrays" StorageType="0">
 <fpc4:Array StorageName="{E3496F0D-AC97-432B-A842-29397F5E4BC1}" StorageType="0">
  <fpc4:Components dt:dt="int">-1</fpc4:Components>
  <fpc4:Name dt:dt="string"/>
  <fpc4:ArrayPolicy StorageName="ArrayPolicy" StorageType="0">
   <fpc4:Name dt:dt="string"/>
   <fpc4:PolicyRules StorageName="PolicyRules" StorageType="0">
    <fpc4:PolicyRule StorageName="{8E707815-6D40-442D-8E29-B359BEEDB877}" StorageType="1">
     <fpc4:Action dt:dt="int">1</fpc4:Action>
     <fpc4:Enabled dt:dt="boolean">1</fpc4:Enabled>
     <fpc4:Name dt:dt="string">Google talk </fpc4:Name>
     <fpc4:Order dt:dt="bin.hex">0ffcffff03000000a0e51ea28f3dc701a0c723a28f3dc70100b77fab8f3dc701</fpc4:Order>
     <fpc4:SelectionIPs StorageName="SourceSelectionIPs" StorageType="1">
      <fpc4:Refs StorageName="Networks" StorageType="1">
       <fpc4:Ref StorageName="{BA0C6A3A-2A6C-40A8-A1DA-A8914E6ED8DD}" StorageType="1">
        <fpc4:Name dt:dt="string">{4E32B556-0FAF-4A27-9111-085F679EDC9B}</fpc4:Name>
        <fpc4:RefClass dt:dt="string">msFPCNetwork</fpc4:RefClass>
       </fpc4:Ref>
      </fpc4:Refs>
      <fpc4:Refs StorageName="NetworkSets" StorageType="1"/>
      <fpc4:Refs StorageName="Computers" StorageType="1"/>
      <fpc4:Refs StorageName="AddressRanges" StorageType="1"/>
      <fpc4:Refs StorageName="Subnets" StorageType="1"/>
      <fpc4:Refs StorageName="ComputerSets" StorageType="1"/>
     </fpc4:SelectionIPs>
     <fpc4:AccessProperties StorageName="AccessProperties" StorageType="1">
      <fpc4:ProtocolSelectionMethod dt:dt="int">1</fpc4:ProtocolSelectionMethod>
      <fpc4:SelectionIPs StorageName="DestinationSelectionIPs" StorageType="1">
       <fpc4:Refs StorageName="Networks" StorageType="1">
        <fpc4:Ref StorageName="{D44C2391-172F-4D1A-891F-87DDAA42A598}" StorageType="1">
         <fpc4:Name dt:dt="string">{F129EACF-778B-44FE-B339-5B752D7220A3}</fpc4:Name>
         <fpc4:RefClass dt:dt="string">msFPCNetwork</fpc4:RefClass>
        </fpc4:Ref>
       </fpc4:Refs>
       <fpc4:Refs StorageName="NetworkSets" StorageType="1"/>
       <fpc4:Refs StorageName="Computers" StorageType="1"/>
       <fpc4:Refs StorageName="AddressRanges" StorageType="1"/>
       <fpc4:Refs StorageName="Subnets" StorageType="1"/>
       <fpc4:Refs StorageName="ComputerSets" StorageType="1"/>
      </fpc4:SelectionIPs>
      <fpc4:Refs StorageName="DestinationDomainNameSets" StorageType="1"/>
      <fpc4:Refs StorageName="ProtocolsUsed" StorageType="1">
       <fpc4:Ref StorageName="{DB62864C-C96D-4A31-9546-F615E9585F07}" StorageType="1">
        <fpc4:Name dt:dt="string">{AD569E30-643E-412B-BBDA-2F1E0FBC6A3C}</fpc4:Name>
        <fpc4:RefClass dt:dt="string">msFPCProtocol</fpc4:RefClass>
       </fpc4:Ref>
      </fpc4:Refs>
      <fpc4:Refs StorageName="ContentTypeSetsUsed" StorageType="1"/>
      <fpc4:Refs StorageName="URLSet" StorageType="1"/>
      <fpc4:Refs StorageName="UserSets" StorageType="1">
       <fpc4:Ref StorageName="{6741448D-D873-4E1E-82AC-EAFFD9E27348}" StorageType="1">
        <fpc4:Name dt:dt="string">{DFFB7833-9365-4184-AABC-7CAFB018A7FA}</fpc4:Name>
        <fpc4:RefClass dt:dt="string">msFPCUserSet</fpc4:RefClass>
       </fpc4:Ref>
      </fpc4:Refs>
     </fpc4:AccessProperties>
    </fpc4:PolicyRule>
   </fpc4:PolicyRules>
  </fpc4:ArrayPolicy>
  <fpc4:NetConfig StorageName="NetConfig" StorageType="0">
   <fpc4:Networks StorageName="Networks" StorageType="0">
    <fpc4:Network StorageName="{4E32B556-0FAF-4A27-9111-085F679EDC9B}" StorageType="2">
     <fpc4:Description dt:dt="string">Network representing the internal network.</fpc4:Description>
     <fpc4:EnableAutoDiscovery dt:dt="boolean">1</fpc4:EnableAutoDiscovery>
     <fpc4:EnableFirewallClients dt:dt="boolean">1</fpc4:EnableFirewallClients>
     <fpc4:EnableWebProxyClients dt:dt="boolean">1</fpc4:EnableWebProxyClients>
     <fpc4:Name dt:dt="string">Internal</fpc4:Name>
     <fpc4:NetworkType dt:dt="int">4</fpc4:NetworkType>
     <fpc4:IpRangeSet StorageName="IpRangeSet" StorageType="2">
      <fpc4:IpRangeEntry StorageName="{CC55A7EB-F03F-426A-A5F9-0B2F0F64E732}" StorageType="2">
       <fpc4:IPFrom dt:dt="string">192.168.1.1</fpc4:IPFrom>
       <fpc4:IPTo dt:dt="string">192.168.1.254</fpc4:IPTo>
      </fpc4:IpRangeEntry>
     </fpc4:IpRangeSet>
     <fpc4:ProxyLDT StorageName="Proxy-LDT" StorageType="2">
      <fpc4:ProxyLDTEntry StorageName="{CB37117F-F190-43F4-8C68-3617BE697D3F}" StorageType="2">
       <fpc4:Name dt:dt="string">.capntelbom.local</fpc4:Name>
      </fpc4:ProxyLDTEntry>
     </fpc4:ProxyLDT>
     <fpc4:ProxyClientConfig StorageName="ProxyClientConfig" StorageType="2">
      <fpc4:WinsockClientConfig StorageName="WinsockClientConfig" StorageType="2">
       <fpc4:ServerOrArrayNameOrIP dt:dt="string">isa</fpc4:ServerOrArrayNameOrIP>
      </fpc4:WinsockClientConfig>
      <fpc4:BrowserClientConfig StorageName="BrowserClientConfig" StorageType="2">
       <fpc4:BrowserConfigAutoDetect dt:dt="boolean">1</fpc4:BrowserConfigAutoDetect>
       <fpc4:BrowserConfigEnabled dt:dt="boolean">1</fpc4:BrowserConfigEnabled>
       <fpc4:BrowserConfigScriptAddress dt:dt="string">http://isa</fpc4:BrowserConfigScriptAddress>
       <fpc4:BrowserConfigScriptEnabled dt:dt="boolean">1</fpc4:BrowserConfigScriptEnabled>
       <fpc4:ServerOrArrayName dt:dt="string">isa</fpc4:ServerOrArrayName>
       <fpc4:ProxyClientAutoScript StorageName="ProxyClientAutoScript" StorageType="2">
        <fpc4:PublicNames StorageName="PublicNames" StorageType="2">
         <fpc4:PublicNameStrings/>
        </fpc4:PublicNames>
        <fpc4:IpRangeSet StorageName="IpRangeSet" StorageType="2"/>
        <fpc4:ProxyClientBackupRoute StorageName="ProxyClientBackupRoute" StorageType="2">
         <fpc4:Enabled dt:dt="boolean">1</fpc4:Enabled>
        </fpc4:ProxyClientBackupRoute>
       </fpc4:ProxyClientAutoScript>
      </fpc4:BrowserClientConfig>
     </fpc4:ProxyClientConfig>
     <fpc4:WebListenerProperties StorageName="WebListenerProperties" StorageType="2">
      <fpc4:BasicAuthentication dt:dt="boolean">1</fpc4:BasicAuthentication>
      <fpc4:Domain dt:dt="string">capntelbom.local</fpc4:Domain>
      <fpc4:SSLPort dt:dt="int">0</fpc4:SSLPort>
      <fpc4:TCPPort dt:dt="int">8080</fpc4:TCPPort>
      <fpc4:Refs StorageName="AuthenticationSchemes" StorageType="2"/>
      <fpc4:AppliedSSLCertificates StorageName="AppliedSSLCertificates" StorageType="2"/>
     </fpc4:WebListenerProperties>
    </fpc4:Network>
    <fpc4:Network StorageName="{F129EACF-778B-44FE-B339-5B752D7220A3}" StorageType="2">
     <fpc4:Description dt:dt="string">Built-in network object representing the Internet.</fpc4:Description>
     <fpc4:Name dt:dt="string">External</fpc4:Name>
     <fpc4:NetworkType dt:dt="int">3</fpc4:NetworkType>
     <fpc4:WebListenerProperties StorageName="WebListenerProperties" StorageType="2">
      <fpc4:SSLPort dt:dt="int">0</fpc4:SSLPort>
      <fpc4:TCPPort dt:dt="int">8080</fpc4:TCPPort>
      <fpc4:AppliedSSLCertificates StorageName="AppliedSSLCertificates" StorageType="2"/>
     </fpc4:WebListenerProperties>
    </fpc4:Network>
   </fpc4:Networks>
  </fpc4:NetConfig>
  <fpc4:RuleElements StorageName="RuleElements" StorageType="0">
   <fpc4:Protocols StorageName="Protocols" StorageType="0">
    <fpc4:Protocol StorageName="{AD569E30-643E-412B-BBDA-2F1E0FBC6A3C}" StorageType="2">
     <fpc4:Components dt:dt="int">-5</fpc4:Components>
     <fpc4:Guid dt:dt="string">{AD569E30-643E-412B-BBDA-2F1E0FBC6A3C}</fpc4:Guid>
     <fpc4:Name dt:dt="string">google talk </fpc4:Name>
     <fpc4:Predefined dt:dt="boolean">0</fpc4:Predefined>
     <fpc4:ProtocolCategory dt:dt="int">1</fpc4:ProtocolCategory>
     <fpc4:ProtocolConnections StorageName="SecondaryConnections" StorageType="2">
      <fpc4:ProtocolConnection StorageName="{884B4C22-6116-40C1-A1C8-94C07B14D289}" StorageType="2">
       <fpc4:Direction dt:dt="int">1</fpc4:Direction>
       <fpc4:PortHigh dt:dt="int">433</fpc4:PortHigh>
       <fpc4:PortLow dt:dt="int">433</fpc4:PortLow>
      </fpc4:ProtocolConnection>
     </fpc4:ProtocolConnections>
     <fpc4:Refs StorageName="ApplicationFilters" StorageType="2"/>
     <fpc4:ProtocolConnections StorageName="PrimaryConnections" StorageType="2">
      <fpc4:ProtocolConnection StorageName="{1141FA81-99F1-424E-9EEC-F250037D00EB}" StorageType="2">
       <fpc4:Direction dt:dt="int">1</fpc4:Direction>
       <fpc4:PortHigh dt:dt="int">5222</fpc4:PortHigh>
       <fpc4:PortLow dt:dt="int">5222</fpc4:PortLow>
      </fpc4:ProtocolConnection>
     </fpc4:ProtocolConnections>
    </fpc4:Protocol>
   </fpc4:Protocols>
   <fpc4:UserSets StorageName="User-Sets" StorageType="0">
    <fpc4:UserSet StorageName="{DFFB7833-9365-4184-AABC-7CAFB018A7FA}" StorageType="2">
     <fpc4:Description dt:dt="string">Predefined user set representing all users. A rule defined using this set will apply to all users, both authenticated and unauthenticated.</fpc4:Description>
     <fpc4:Name dt:dt="string">All Users</fpc4:Name>
     <fpc4:Predefined dt:dt="boolean">1</fpc4:Predefined>
    </fpc4:UserSet>
   </fpc4:UserSets>
  </fpc4:RuleElements>
 </fpc4:Array>
</fpc4:Arrays>
</fpc4:Root>
_________________________________________________
It will block only google talk . it will not block the SSL site(https) .
Please give me your feedback on this .


_____________________________

With Regards,
Ameya

(in reply to Anjaana)
Post #: 6
RE: Block Google Talk - 14.Apr.2007 12:54:48 AM   
srstought1

 

Posts: 1
Joined: 14.Apr.2007
Status: offline
I have tried a policy map on 7.22 pix for DNS with little success. I suspect that  a simple acl may do the trick. I must wait until Monday to try it in our lab but I have had some success with my DLink (I had to use explicit addresses). While it is true that blocking all of https may be undesirable but my traces show that when 5222 is blocked the connection is eventually going to establish on 443.  The acl will be along these lines with gmail or any other https application of your choice permitted:

access-list Inside-test deny any any eq 5222
access-list Inside-test permit any gmail.google.com eq https
access-list Inside-test deny any *.google.com eg https

Regards,
Steve.

(in reply to ameya.sathye)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> General >> Block Google Talk Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts