|
|
|
|
|
|
|
|
In Proxy Mode, iPrism 4.x is capable of filtering not only web accesses (HTTP/HTTPS), but also IM (instant messaging) traffic.
Note that Proxy Mode cannot be used for filtering P2P traffic.
The design of IM and P2P programs makes it next to impossible to authenticate each connection, so IM and P2P filtering is based on IP address only.
iPrism 4.x provides a new profile type for IM and P2P filtering. To access IM/P2P profiles, start Appliance Manager, go to System Configuration, click Access > IM/P2P Profiles tab, as shown below.
This profile works much like the familiar HTTP profile except that instead of blocking web sites, it blocks IM clients and P2P traffic (in Bridge Mode). You can select which IM clients get through and which P2P applications (in Bridge Mode) that are allowed to run.
Related to the above, entries for IM programs like AIM, gtalk, MSN, and Y! exist in the iGuard database in the form of categories. These categories can be blocked when profiling. A likely network configuration would include a firewall that would block the IM client ports, causing the client to eventually fall back to making an HTTP connection, at which point the IM categories take effect.
Another possibility is configuring IM clients to proxy to iPrism. All IM clients in proxy mode are blocked using the iGuard database.
In summary, the IM/P2P section, in combination with the appropriate profile (online chat) recognizes IM sessions and can block/monitor them, whether users proxy to iPrism in their IM session, or http "fallback" is used by the IM client to make the connection.
Note: When upgrading from iPrism 3.x to 4.1, the Update Wizard assigns everyone a default profile for IM/P2P filtering. You may adjust these settings to better conform with your Internet access policy.
Also See:
