HOW TO BLOCK GOOGLE / GTALK USING ISA SERVER 2004

Posted by on

HOW TO BLOCK GOOGLE / GTALK USING ISA SERVER 2004 (WITHOUT BLOCKING GOOGLE AND GMAIL) - ARTICLE BY MANU ZACHARIA Thanks to http://www.theadmins.info

ISA Server 2004

SOME USEFUL INFO

To block Google Talk, I am using the User-Agent field in the HTTP header. How I got it? Simple, I usedMicrosoft Network Monitor to capture packets that involved the authentication of GTalk. See the figure below:

To configure ISA Server 2004 to block Google Talk, follow the steps:

  • § Right click on the access rule that allows HTTP traffic from the internal network to the external network (Internet) and click on “Configure HTTP”. See the figure below:


  • § Click on the Signatures tab. (refer the screenshot below)

ISA Server 2004 Signature Tab

  • § Click on the Add button and enter the details as shown below:

ISA Server 2004 Signature Window

  • § Click on OK to return to the “Configure HTTP policy for rule” window. (refer screenshot below).

    .

ISA Server 2004 HTTP Policy

§ Click OK once again to close the window.

§ Now from the client’s machine, if you try to login to Google Talk using your Gmail ID, you will get the error window as shown below:

GTalk Connection Error

HOW TO BLOCK WEB BASED GTALK INSIDE GMAIL.

The easiest way to do is to block all traffic to chatenabled.mail.google.com

How we got it. Simple – again through packet capturing, but this time I used, Wireshark.

The steps are as follows:

Under ToolBox, click on New and then on URL set to create a new URL set. (refer screen shot)

Enter the details as shown below and click on OK button.

URL Set Window

  • Once we have created the URL set, click on the Tasks tab (Refer screen shot)

  • Click on "Create New Access Rule". The New Access Rule Wizard window will appear.

New Access Rule Wizard

  • Enter the Access rule name and click on Next.

Rule Action

  • Click on Deny radio button and click on Next

Protocols

  • Select All outbound traffic from the drop down list and click on next.

Access Rule Sources

  • The Access Rule Sources window will appear. Click on Add button to open the Add Network Entitieswindow

Add Network Entities

Click on Internal and click on Add button.

Access Rule Sources
  • The internal network will be added to the window. Click on Next.

Access Rule Destination

  • The Access Rule Destination window will appear. Click on Add button. The Add Network Entities window will appear.

Add Network Entities

  • Here select the URL Set created in the previous section and click Add.

Access Rule Destination

The URL set will be added to the window. Click Next.

User Sets

  • Make sure that All Users are selected and click on Next.

Finishing the Wizard

§ The Completing the New Access Rule Wizard window will appear. Click on Finish and click on Apply at the top of the window.


Now from the client’s system, when you login to Gmail account, the chat mini window on the left side of the window will be grayed out as shown below.


Error Window


Hope this was helpful in solving your sys admin issue.

Happy Administering

Comments

Post a Comment