Tom, To block all but MSN, follow the porcess below, but leave MSN on. As far as blocking MSN file transfers, that�s not a set filter in AI at the moment, however it is still doable. You need to create a customized filter and identifying the real text string that MSN file transfer puts in the packet. You can easily identify this string by using a packet sniffer utility such as tcpdump or ethereal. I hope this answers your question.
On 1/7/04 4:17 AM, "Shoval Tom" <[EMAIL PROTECTED]> wrote: > That is true, but not so helpful. > Doing that in this exact way means that you have turned it on for all and > every connections. > Most of the people who are interested in this feature (including my self) > are interested in blocking most users while allowing some. > > I have an even tougher one: > I'd like to block all P2P communications except for MSN messenger, AND block > MSN messenger file transfer. > > How is that done, if it is at all doable. > > Thanks. > > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] On Behalf Of Bobby > Tehranian > Sent: Wednesday, January 07, 2004 1:55 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] RE: [FW-1] RE: [FW-1] R�f. : [FW-1] I need help > > For those of you who want to know how to block MSN, YAHOO, and other peer to > peer services, you can do so in NGAI or higher by using the smart defense > peer to peer application layer checking. > Under the smart defense tab, expand application intelligence, then expand > web, expand http protocol, and check on peer to peer. Once its turned on > you will see all the different peer to peer services in the right side > window pane. Turn on those services that you want blocked, save and install > policy. This will do it for you. > > > > > > > > On 1/6/04 7:49 AM, "Mateo Cabrera - Easynet SRL" <[EMAIL PROTECTED]> > wrote: > >> IN FP3??? >> >> >> You must to create a 2 simple rules, >> ONE: Accepting all the traffic to the machines that you want NO BLOCKING > the >> P2P apps. To use the "http" service >> TWO: Accepting the traffic to the other machines group but in the services >> column you have to make a URI resource by default, to use with "http" >> service. >> >> Later, you must be close the SmartDashboard and to use the "dbedit" to >> modify this property: >> >> "http_detect_header_pattern_mode" >> >> changing the default value (false) to True. >> Now, you must to connect to the SmartDashboard again, and to install the >> policies. >> >> /matt >> >> >> >> >> >> >> >> >> >> >> >> >> -----Mensaje original----- >> De: Mailing list for discussion of Firewall-1 >> [mailto:[EMAIL PROTECTED] nombre de Morten >> Jensen >> Enviado el: martes, 06 de enero de 2004 7:41 >> Para: [EMAIL PROTECTED] >> Asunto: [FW-1] RE: [FW-1] R�f. : [FW-1] I need help >> >> >> Hi Bertrand >> No, you need a rule above that accepts the traffic for some users >> >> Morten >> >> -----Original Message----- >> From: Bertrand KLOTZ [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, January 06, 2004 11:04 AM >> To: [EMAIL PROTECTED] >> Subject: [FW-1] R�f. : [FW-1] I need help >> >> >> >> >> >> hello >> I'm blocking MSN messenger by dropping hhttp and https traffic to subnet >> 207.46.110.0/24 (*.msgr.hotmail.com) >> it's possible to have a rule bellow that accept this traffic for some > users. >> >> _________________________________ >> Bertrand Klotz >> GFI Informatique >> [EMAIL PROTECTED] >> >> >> >> >> >> Neeraj Jha <[EMAIL PROTECTED]> le 05-01-2004 13:10:48 >> >> Veuillez r�pondre � Mailing list for discussion of Firewall-1 >> <[EMAIL PROTECTED]> >> >> Pour : [EMAIL PROTECTED] >> cc : (ccc : Bertrand KLOTZ/DE3I/GFI/fr) >> >> Objet : [FW-1] I need help >> >> >> >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= >> >> ================================================= >> To set vacation, Out-Of-Office, or away messages, >> send an email to [EMAIL PROTECTED] >> in the BODY of the email add: >> set fw-1-mailinglist nomail >> ================================================= >> To unsubscribe from this mailing list, >> please see the instructions at >> http://www.checkpoint.com/services/mailing.html >> ================================================= >> If you have any questions on how to change your >> subscription options, email >> [EMAIL PROTECTED] >> ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
