D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: freezoo on November 09, 2009, 01:54:35 AM

Title: DFL-210 - How to block spyke service without close https ports?
Post by: freezoo on November 09, 2009, 01:54:35 AM

Hello,

my company have DFL-210 and it would block the use of Skype, but without blocking the service https. How can we do this?

Thanks in advance
Gianfranco

Title: Re: DFL-210 - How to block spyke service without close https ports?
Post by: Fatman on November 09, 2009, 10:37:31 AM

Skype is fairly insidious, it is designed to pass through any layer 3 gateway pretty well unscathed.  Applying an HTTP ALG to the HTTP port should keep them from going out the HTTP port, but I suspect the software may yet find a way.

A layer 7 gateway of some description is advised if blocking Skype is a priority.

Title: Re: DFL-210 - How to block spyke service without close https ports?
Post by: freezoo on November 10, 2009, 05:52:00 AM

Thanks for your response Fatman.

We have the many problems with bandwidth sharing and skype, what is the best solution coupled with DFL210 for Layer 7 filtering ?

The DFL-M510 NetDefend Information Security Gateway works with DFL210 or the better coupled is with DFL800?

Thanks
Gianfranco

Title: Re: DFL-210 - How to block spyke service without close https ports?
Post by: Fatman on November 10, 2009, 08:23:06 AM

Unfortunately, I can't suggest products.

If you need someone to help you choose the right products for your environment then call your local pre sales line and we can walk you through what would work best for your environment,

Title: Re: DFL-210 - How to block spyke service without close https ports?
Post by: chechito on November 21, 2009, 10:06:59 AM

maybe a IPS signature applied to the http traffic may help IPS policy group POLICY / P2P / POLICY

Title: Re: DFL-210 - How to block spyke service without close https ports?
Post by: silica on January 26, 2010, 01:37:41 AM

Funny, when I called Dlink they suggested the DFL-210 to block Skype and P2P apps (bittorrent, limewire, and the lot)... Now after buying the product it seems its not possible. When I call Support they always have to send me to a Level 2 TECH that you cant talk to and he sends me PDFs that are useless unless you are a PRO with this Firewalls... And on the net there is not even 1 tutorial on how to block this from our networks...   This is offcourse D-Link Spanish Support, dont know how it is over the rest of the world.

Just a question too.. is it possible to Have 2 DSL ROUTERS connected to a DFL-210 and let this device share bandwith?

Title: Re: DFL-210 - How to block spyke service without close https ports?
Post by: Fatman on January 26, 2010, 10:12:29 AM

Yes it is.  You do this via the route balancing options available as of 2.26.00.  Though there are some caveats as always.  You have to choose one of 3 methods to distribute the traffic.  I recommend sticky destination personally.

Title: Re: DFL-210 - How to block spyke service without close https ports?
Post by: chechito on January 26, 2010, 04:09:06 PM

you can block some p2p and im applications using IDP signatures, but always this isn't guaranteed because applications are migrating to encrypted connections like https when its impossible to detect what kind of traffic its going inside