D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: freezoo on November 09, 2009, 01:54:35 AM
-
Hello,
my company have DFL-210 and it would block the use of Skype, but without blocking the service https. How can we do this?
Thanks in advance
Gianfranco
-
Skype is fairly insidious, it is designed to pass through any layer 3 gateway pretty well unscathed. Applying an HTTP ALG to the HTTP port should keep them from going out the HTTP port, but I suspect the software may yet find a way.
A layer 7 gateway of some description is advised if blocking Skype is a priority.
-
Thanks for your response Fatman.
We have the many problems with bandwidth sharing and skype, what is the best solution coupled with DFL210 for Layer 7 filtering ?
The DFL-M510 NetDefend Information Security Gateway works with DFL210 or the better coupled is with DFL800?
Thanks
Gianfranco
-
Unfortunately, I can't suggest products.
If you need someone to help you choose the right products for your environment then call your local pre sales line and we can walk you through what would work best for your environment,
-
maybe a IPS signature applied to the http traffic may help IPS policy group POLICY / P2P / POLICY
-
Funny, when I called Dlink they suggested the DFL-210 to block Skype and P2P apps (bittorrent, limewire, and the lot)... Now after buying the product it seems its not possible. When I call Support they always have to send me to a Level 2 TECH that you cant talk to and he sends me PDFs that are useless unless you are a PRO with this Firewalls... And on the net there is not even 1 tutorial on how to block this from our networks... This is offcourse D-Link Spanish Support, dont know how it is over the rest of the world.
Just a question too.. is it possible to Have 2 DSL ROUTERS connected to a DFL-210 and let this device share bandwith?
-
Yes it is. You do this via the route balancing options available as of 2.26.00. Though there are some caveats as always. You have to choose one of 3 methods to distribute the traffic. I recommend sticky destination personally.
-
you can block some p2p and im applications using IDP signatures, but always this isn't guaranteed because applications are migrating to encrypted connections like https when its impossible to detect what kind of traffic its going inside