DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

anyone configured a 2820n to work with GFI Web Monitor

  • sohoit
  • Topic Author
  • Offline
  • New Member
  • New Member
More
02 Aug 2010 21:04 #63109 by sohoit
Hello,

I am looking to use GFI webmonitor in Simple Proxy mode with A Windows SBS 2003 server (Single NIC). Has anyone been able to configure the filter rules to block all outbound traffic on port 80 and forward it onto the SBS server for GFI to check. Before sending request back out through the Router?

The GFI 'getting started' guide has some info on it. but it appears to have steps missing. :?

thanks in advance...

Please Log in or Create an account to join the conversation.

More
26 Aug 2010 17:59 #63545 by mwalsh
Sorry, I don't have any suggestions but I would be interested to know if you got anywhere with it.

Please Log in or Create an account to join the conversation.

More
26 Aug 2010 18:30 #63546 by j.baker
what you are trying to do is policy based routing or proxy forwarding.

I wanted to do the same thing, but my draytek 28280 does not support this.

I had to use my Billion S10 SSLVPN appliance to do this.

Regards

John Baker


Vigor2820 series with firmware 3.3.5.2_RC2
ADSL

Please Log in or Create an account to join the conversation.

  • sohoit
  • Topic Author
  • Offline
  • New Member
  • New Member
More
26 Aug 2010 23:19 #63549 by sohoit
yeh I had feared this was a limitation on my 2820n.
Do you know if there is a way for the Draytek to block all outbound traffic (on all ports)unless it comes from a specific IP address or group of IP addresses. and can we then tell the router which ports to open outbound to allow traffic from those IP addresses?

Basically, I would now like to restrict all outbound traffic from all PC's on the LAN except from certain PC's and only then only have certain ports open.

Is this achievable?

regards

Please Log in or Create an account to join the conversation.

More
27 Aug 2010 07:25 #63551 by j.baker
You can do this.

Do you have any VPNs to or from your 2820? If not then this will work.

1. Create IP objects for the machines that you want to allow out
2. Create an IP Group and add these IP objects.
3. Create Service Type Objects for any traffic that that you want permitted.
4. Create Service type Group containing the Service type objects.
5. Find an empty filer (under firewall)
6. add entries to allow dns from LAN to WAN from your workstations or your server (if is is runing DNS). Add any other traffic that you want allowed.
7. Change the default action rule on the firewall general tab to Block, but remember to set the Data filter to the newly created filter.

It should now work. If not setup syslog (and the server) and enable the syslog option for the default block policy.

To undo, change the Data filter back to the original setting, and change the default policy to allow.

Have fun


Here are some service types you may need:

DNS UDP 53
HTTPS TCP 443,8443
HTTP TCP 80-82,8080
EMAIL TCP 25,110,993,995
NTP UDP 123
FTP TCP/UDP 20-21
ICMP
RTSP 554
RTMP 1935
NETBIOS TCP/UDP 135 & 139

Regards

John Baker


Vigor2820 series with firmware 3.3.5.2_RC2
ADSL

Please Log in or Create an account to join the conversation.

Moderators: Sami