Topic: DFL-210 - How to block Skype service without closing https ports?

freezoo

  • Level 1 Member
  • *
  • Posts: 5
DFL-210 - How to block Skype service without closing https ports?
« on: November 09, 2009, 01:54:35 AM »

Hello,

My company has a DFL-210 and would like to block the use of Skype, but without blocking the https service. How can we do this?

Thanks in advance
Gianfranco

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-210 - How to block Skype service without closing https ports?
« Reply #1 on: November 09, 2009, 10:37:31 AM »

Skype is fairly insidious; it is designed to pass through any layer 3 gateway pretty well unscathed. Applying an HTTP ALG to the HTTP port should keep them from going out the HTTP port, but I suspect the software may yet find a way.

A layer 7 gateway of some description is advised if blocking Skype is a priority.
non progredi est regredi

freezoo

  • Level 1 Member
  • *
  • Posts: 5
Re: DFL-210 - How to block Skype service without closing https ports?
« Reply #2 on: November 10, 2009, 05:52:00 AM »

Thanks for your response, Fatman.

We have many problems with bandwidth sharing and Skype. What is the best solution coupled with the DFL210 for Layer 7 filtering?

Does the DFL-M510 NetDefend Information Security Gateway work with the DFL210, or is it better coupled with the DFL800?

Thanks
Gianfranco

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-210 - How to block Skype service without closing https ports?
« Reply #3 on: November 10, 2009, 08:23:06 AM »

Unfortunately, I can't suggest products.

If you need someone to help you choose the right products for your environment, then call your local pre-sales line and we can walk you through what would work best for your environment.
non progredi est regredi

chechito

  • Level 3 Member
  • ***
  • Posts: 193
Re: DFL-210 - How to block Skype service without closing https ports?
« Reply #4 on: November 21, 2009, 10:06:59 AM »

Maybe an IPS signature applied to the http traffic may help: IPS policy group POLICY / P2P / POLICY

silica

  • Level 1 Member
  • *
  • Posts: 6
Re: DFL-210 - How to block Skype service without closing https ports?
« Reply #5 on: January 26, 2010, 01:37:41 AM »

Funny, when I called D-Link they suggested the DFL-210 to block Skype and P2P apps (bittorrent, limewire, and the lot)... Now after buying the product it seems it's not possible. When I call Support they always have to send me to a Level 2 TECH that you can't talk to and he sends me PDFs that are useless unless you are a PRO with these firewalls... And on the net there is not even 1 tutorial on how to block this from our networks... This is of course D-Link Spanish Support, don't know how it is over the rest of the world.

Just a question too... is it possible to have 2 DSL routers connected to a DFL-210 and let this device share bandwidth?

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-210 - How to block Skype service without closing https ports?
« Reply #6 on: January 26, 2010, 10:12:29 AM »

Yes it is. You do this via the route balancing options available as of 2.26.00. Though there are some caveats as always. You have to choose one of 3 methods to distribute the traffic. I recommend sticky destination personally.
non progredi est regredi

chechito

  • Level 3 Member
  • ***
  • Posts: 193
Re: DFL-210 - How to block Skype service without closing https ports?
« Reply #7 on: January 26, 2010, 04:09:06 PM »

You can block some P2P and IM applications using IDP signatures, but this isn't always guaranteed because applications are migrating to encrypted connections like https, where it's impossible to detect what kind of traffic is going inside.