Protocol Control
From UntangleWiki
About Protocol Control
Protocol Control uses an open-source tool, L7-filter. It blocks and logs well-known protocols entering or leaving your protected network. Unwanted protocols might include Peer-to-Peer (P2P), such as BitTorrent, and Instant Messaging, such as AOL Instant Messenger. You might also want to block users from playing some video games and from streaming media.
Protocol Control blocks unwanted protocols on any port. However, you must specify which protocols you want Protocol Control to block and log. By default, Protocol Control does not block any protocols; it simply logs Instant Messaging protocols.
Protocol Control uses signatures to identify unwanted protocols on all ports. Many protocols, such as Instant Messaging and Peer-to-Peer, are difficult to block with a traditional firewall because of their "port hopping" behavior. If clients are blocked after trying to connect through their default port, they will connect over port 80 or port 25. Port 80 and port 25 cannot be blocked without blocking Web and e-mail traffic. Protocol Control can identify this hopping behavior, and log and block the connections.
If Protocol Control does not support a protocol that you want to block, you can use the Untangle Server's user interface to create custom rules for it. However, not all protocols can be blocked, because some protocol designers hide the protocol's signature (for example, Skype).
Blocking or Logging Network Traffic by Protocols
You can choose to block traffic that uses a specific protocol from either entering or leaving your protected network. Protocol Control lists most well-known protocols. You can also log such traffic in the Protocol Control Event Log and have it reported in Untangle Reports if, for example, you want to determine whether anyone within the network is using a particular protocol, such as file sharing.
System administrators often know that their network is slow due to user activity, but don't know what type of network activity is slowing it down. If this applies to you, Untangle recommends that you first log all protocols, then review the Protocol Control section of Untangle Reports to determine which protocols cause poor network performance. BitTorrent is frequently the culprit.
Caution: As with most Untangle Server software products, you can create your own Protocol Control entries. However, configuring regular expressions to match Internet protocols is an advanced topic. If you create a new entry and your expression contains errors, legitimate traffic will be blocked.
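One way to check a custom signature against known traffic before selecting its block checkbox, as an added example that is not Untangle's or L7-filter's own code. The payloads, both candidate signatures and the function names are constructed for illustration, and case-insensitive matching is an assumption about how the signature engine applies patterns.

```python
import re

# Constructed sample payloads: the first bytes of a connection. Signatures are
# matched on payload only, so the port a sample arrived on does not matter.
SAMPLES = {
    "bittorrent_handshake": b"\x13BitTorrent protocol" + bytes(8) + b"A" * 40,
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "http_torrent_doc": b"GET /docs/bittorrent-faq.html HTTP/1.1\r\n"
                        b"Host: www.example.com\r\n\r\n",
    "smtp_banner": b"220 mail.example.com ESMTP ready\r\n",
}
MUST_MATCH = ["bittorrent_handshake"]
MUST_NOT_MATCH = ["http_get", "http_torrent_doc", "smtp_banner"]

# Hypothetical candidate signatures for a custom entry.
LOOSE = rb"bittorrent"                   # unanchored: matches the word anywhere
TIGHT = rb"^\x13bittorrent protocol"     # anchored to the handshake's first bytes


def evaluate(pattern, must_match=MUST_MATCH, must_not_match=MUST_NOT_MATCH):
    """Return (missed, false_positives) as sorted lists of sample names."""
    try:
        # Assumption: the engine matches case-insensitively over raw bytes.
        rx = re.compile(pattern, re.IGNORECASE | re.DOTALL)
    except re.error as exc:
        raise ValueError(f"signature does not compile: {exc}") from exc
    # A pattern that matches nothing at all would match every connection.
    if rx.search(b""):
        raise ValueError("signature matches an empty payload")
    hits = {name for name, data in SAMPLES.items() if rx.search(data)}
    missed = sorted(set(must_match) - hits)
    false_positives = sorted(hits & set(must_not_match))
    return missed, false_positives


def safe_to_block(pattern):
    """True only if every wanted sample matches and no legitimate one does."""
    missed, false_positives = evaluate(pattern)
    return not missed and not false_positives


if __name__ == "__main__":
    for name, sig in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, evaluate(sig), "safe to block:", safe_to_block(sig))
```

A signature that fails this check can still be enabled with only the log checkbox selected, so its real-world matches show up in the event log before anything is blocked.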
To block or log a protocol:
- From Protocol Control, click the Show Settings button.
- Click the Protocol List tab.
- Select the row that corresponds to the protocol that you want to block, and select either the block checkbox, log checkbox or both.
- Click the Save button.
About Protocol Control Event Log
Use the following terms and definitions to understand the Protocol Control Event Log:
- timestamp: The time the event took place.
- action: The action that was taken on the traffic. Valid values are block and pass.
- client: The client IP address of the traffic.
- request
- reason for action: The rule that was applied to the traffic.
- server: The intended server IP address of the traffic.
