Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Proxy settings
- Thread starter tjv
- Start date
One of two ways,
1. Use a custom policy for IE to lock the settings. You can use ZFD to distribute this policy, or you can go to each system and apply the policy, or if you have a domain, you can apply it there. If you are not familure with programming a filter excpetion list with in BM, this would be your easiest way to go. You can also download IEAK from M$ and create a custom install of IE that has the proxy setting in it already and a policy with it also. I last used in with IE5.5, not sure on IE6.
2. Don't allow people to browse the web with out using the proxy. By default, the BM filters set this up for you. A filter exception you put in your self is what opened up everything. Fine tune your filters, don't just open up everything to get some program to work. This would be the most efective way. People can mess with thier systems and break through a policy if they know what they are doing. Blocking access at the gateway forcing people to use the proxy at the gateway will make their efforts pointless.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Provogeek
CNE Network+ Experience
Certified nut case
1. Use a custom policy for IE to lock the settings. You can use ZFD to distribute this policy, or you can go to each system and apply the policy, or if you have a domain, you can apply it there. If you are not familure with programming a filter excpetion list with in BM, this would be your easiest way to go. You can also download IEAK from M$ and create a custom install of IE that has the proxy setting in it already and a policy with it also. I last used in with IE5.5, not sure on IE6.
2. Don't allow people to browse the web with out using the proxy. By default, the BM filters set this up for you. A filter exception you put in your self is what opened up everything. Fine tune your filters, don't just open up everything to get some program to work. This would be the most efective way. People can mess with thier systems and break through a policy if they know what they are doing. Blocking access at the gateway forcing people to use the proxy at the gateway will make their efforts pointless.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Provogeek
CNE Network+ Experience
Certified nut case
- Thread starter
- #3
Sounds like you have a firewall that is wide open, and your closing ports manually. Not east to deal with since there are 65535 ports. It is best to block everything, and open up just what you want to use.
You can delete the SYS:ETC\FILTERS.? file, then at the server console execute BRDCFG to start over with your filters.
Do note any custom filters you have before this, it will kill all filters. When you open services backup like FTP, use it in statefull mode, and follow Novell's TID on setting up NTP and SMTP. Just to a serch on the NTS site for "filter exception" A nice list will come up.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Provogeek
CNE Network+ Experience
Certified nut case
You can delete the SYS:ETC\FILTERS.? file, then at the server console execute BRDCFG to start over with your filters.
Do note any custom filters you have before this, it will kill all filters. When you open services backup like FTP, use it in statefull mode, and follow Novell's TID on setting up NTP and SMTP. Just to a serch on the NTS site for "filter exception" A nice list will come up.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Provogeek
CNE Network+ Experience
Certified nut case
- Thread starter
- #6
Setup transparent proxy within bordermanager, use the filters an disable http access from private to public, this will force everyone to go through proxy rather than jumping around it.
I'm still working on how to get this to work with FTP.
Thanks,
steven
I'm still working on how to get this to work with FTP.
Thanks,
steven
- Status
Similar threads
- Locked
- Question
- Locked
- Question