Clicky

dear sir

i have need to creat a rule on TMG 2010 about denied all the applications on pc to connect to the internet & get updates like ( Adobe Acrobat - Some Antivirus engines - etc....) and allow only for some internet browsers to request from the TMG server like ( internet explorer -firefox-......etc)
anyone have an idea for what i can do this with TMG????

asked 06/07/2011 10:09

asfourcrystal's gravatar image

asfourcrystal ♦♦


4 Answers:
Sorry - I have absolutely no clue what you are asking for here.
link

answered

keith_alabaster's gravatar image

keith_alabaster

dear keith

thanks for your reply

i want to add a rule to deny the users who have applications always connect to the internet and get updates you know like Adobe Acrobat for example and allow only the client agents like internet explorer or firefox browsers to connect to the inetrnet so i mean the browsing only
link

answered 2011-06-08 at 22:11:31

asfourcrystal's gravatar image

asfourcrystal

TMG can use the HTTP filter to block content based on certain signatures but I don't think it has the ability to perform the opposite which is allowing only content which contains a certain header.  For instance, we didn't want anyone to be able to use Firefox on the network to browse the internet so we blocked it using it's User-Agent request header it passes when requesting content from the Internet.  You could do the same for each application you are trying to block but it would require you either finding someone that has already done it for that particular application or capturing the traffic via a network sniffer and finding a unique request header you use to block it.  Here's a reference of common signatures for some apps.  http://technet.microsoft.com/en-us/library/cc302520.aspx

Here's a link that discusses how to configure the signatures in the http policy:
http://technet.microsoft.com/en-us/library/bb794802.aspx

link

answered 2011-06-08 at 23:33:59

kain21's gravatar image

kain21

hi

well you can denied those websites whose application you do not want to update

or you can do by using signature

http://www.carbonwind.net/Forefront_TMG/NIS_Det_Meth/NIS_Det_Meth.htm

you can also block the updates link on client host file and easily with group policy ........

Regards,

Osama Mansoor
link

answered 2011-06-09 at 07:09:16

infoplateform's gravatar image

infoplateform

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

Asked: 06/07/2011 10:09

Seen: 1202 times

Last updated: 12/17/2011 07:50