Thanks. One of the other things that worries me is those d**b programs/websites that act like proxies allowing access to anything via outgoing port 80.
Also, a Pro100 appears to be sufficient for this, or should I recommend a Pro200 only? (Or is even a SOHO3/50 OK?)

John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Arnold, Paul
> Sent: Friday, December 20, 2002 2:12 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [SonicWALL]- Gaming Center
>
> Your best bet is to block all traffic and then build a small "allow" list.
> This will perform MOST of what you are trying to accomplish.
> Start with ALLOW 80 LAN WAN and go from there.
>
> If you start with the SonicWALL default config, for example, you will be blocking
> ports all day long as kids figure out that they can ftp on port 1234, telnet on port
> 9876, IRC on port 9999, etc.
>
> Block them all, and start to build a small access list.
> Here is an abbreviated one I built on:
>
> Action  Service              Source  Dest
> Allow   Web (HTTP)           LAN     *
> Allow   Name Service (DNS)   LAN     *
> Allow   Kerberos             LAN     *
> Allow   RTSP-Quicktime       LAN     *
> Allow   WindowsMediaPlayer   LAN     *
> Allow   RealAudio            LAN     *
> Allow   Ping                 LAN     *
> Allow   whois                LAN     *
> Allow   HTTPS                LAN     *
> Deny    Default              LAN     *
>
> Then you build on this access list for your mail server, ftp server, etc.
> Clients by default cannot smtp, ssh, telnet, ftp, Pop3, etc. "Do that crap at home,
> not on my LAN."
> One of the only things you have to worry about is those apps "smart" enough to
> adapt to find open ports (like messenger).
> In that case go to Google, search for "block messenger firewall" and apply the
> theory that you think will suit you.
> (I have the benefit of employing an IDS system that has signatures for messenger
> clients. It emails me, and I lart the luser.)
>
> HTH
> Paul
>
> -----Original Message-----
> From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 20, 2002 4:03 PM
> To: [EMAIL PROTECTED]
> Subject: [SonicWALL]- Gaming Center
>
> One of our "clients" is now a computer gaming center. (I am sooooo
> thrilled.)
>
> I need to decide on a firewall for this center.
>
> It will have to have the ability to block the various junk kids like to use,
> like Kazaa, AOL messenger, and such to keep the bandwidth down.
>
> Does anyone have a list or example of rules for this?
>
> I am dreading having to find all the programs and ports and such and build
> the rules from scratch.
>
> John Tolmachoff MCSE, CSSA
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA 92835
> www.reliancesoft.com
>
> ---
> [This E-mail scanned for viruses by Declude/F-Prot AV]
>
> =================================
> To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put
> the following: unsubscribe sonicwall your_name
> The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
>
> LEGAL NOTICE:
> Unless expressly stated otherwise, this message is confidential and may be
> privileged. It is intended for the addressee(s) only. Access to this e-mail by anyone
> else is unauthorized. If you are not an addressee, any disclosure or copying of the
> contents or any action taken (or not taken) in reliance on it is unauthorized and may
> be unlawful. If you are not an addressee, please inform the sender immediately.
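
The default-deny list discussed in this thread, modelled as first-match rule evaluation. This is an added example, not part of the original messages and not SonicWALL configuration: the port numbers assigned to each service name, the contrasting block-list, and the sample flows are all assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: Optional[str]   # None matches any protocol
    port: Optional[int]    # None matches any port

# The allow list from the thread. Port numbers are assumed well-known
# defaults; the firewall's own service definitions may differ.
ALLOW_LIST = [
    Rule("allow", "tcp", 80),     # Web (HTTP)
    Rule("allow", "udp", 53),     # Name Service (DNS)
    Rule("allow", "tcp", 88),     # Kerberos
    Rule("allow", "tcp", 554),    # RTSP-Quicktime
    Rule("allow", "tcp", 1755),   # WindowsMediaPlayer
    Rule("allow", "tcp", 7070),   # RealAudio
    Rule("allow", "icmp", None),  # Ping (simplified to all ICMP)
    Rule("allow", "tcp", 43),     # whois
    Rule("allow", "tcp", 443),    # HTTPS
    Rule("deny", None, None),     # Default
]

# Constructed contrast: allow everything, block services on their usual ports.
BLOCK_LIST = [
    Rule("deny", "tcp", 21),      # ftp
    Rule("deny", "tcp", 23),      # telnet
    Rule("deny", "tcp", 6667),    # IRC
    Rule("allow", None, None),
]

def decide(rules, proto, port):
    """Return the action of the first matching rule (deny if none match)."""
    for rule in rules:
        if rule.proto in (None, proto) and rule.port in (None, port):
            return rule.action
    return "deny"

# Constructed LAN -> WAN flows: (label, protocol, port, wanted by the admin)
FLOWS = [
    ("web browsing", "tcp", 80, True),
    ("ftp on 1234", "tcp", 1234, False),
    ("telnet on 9876", "tcp", 9876, False),
    ("IRC on 9999", "tcp", 9999, False),
    ("proxy site over 80", "tcp", 80, False),
]

def unwanted_allowed(rules):
    """Labels of unwanted flows that the rule set lets through."""
    return [label for label, proto, port, wanted in FLOWS
            if not wanted and decide(rules, proto, port) == "allow"]

if __name__ == "__main__":
    print("block-list lets through:", unwanted_allowed(BLOCK_LIST))
    print("allow-list lets through:", unwanted_allowed(ALLOW_LIST))
```

The allow list stops every relocated service but still passes the proxy flow, because a port rule cannot tell it apart from ordinary browsing; catching that takes inspection above the port level, such as the IDS signatures mentioned for messenger clients.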
