What advanced rules for Sygate behind Router?

Discussion in 'other firewalls' started by poirot, Dec 13, 2005.

Thread Status:
Not open for further replies.
  1. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    I run Sygate Pro and SPF on my two PCs, to which I recently added Router protection. After Symantec purchased Sygate I wanted to change, but for one reason or another I wasn't yet able to pick up a replacement and will probably use Sygate for another year or so.
    I'd like to improve the outgoing detection capabilities of both Sygate versions, though, if this can be achieved.
    I normally run FF, but both FF and IE are set to 'Ask' and not 'Allow' in Applications.
    No application in Sygate has 'Act As Server' enabled.
    I don't have any Advanced Rules set in the Pro, while I only use the Kerio 2.1.5 ICMP rules outlined by Raven Alder, BZ and others for the Sygate Free version (7 in number).
    This way all was fine, but, considering the increasing dangers and the fact I run Skype on one PC (they don't share files, anyway), perhaps someone can point out more restrictive and effective Advanced Rules to be made to take care of the outflow of applications... (considering the fact 20 is the limit in SPF).
    poirot
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    The Pro version already has component control and that application hijacking feature so that combined with the regular app control seems like it should be fairly effective at catching problems. I'd just use the Pro version on all machines. You can skip the rules unless you have a specific need for them, or want to limit ports or IPs etc...
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    Actually, Free and Pro are identical in those features you mentioned, Kerodo.
    Pro has IDS and some spoofing features etc. Not much more than Free.
    One thing is Pro having the option of boot-time and shutdown protection (while the firewall service is not loaded), which the Free one does not have.
     
  4. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Thanks Kerodo and Jarmo P (same Jarmo as in the Sygate Forum, I guess); if both of you think there's not much to do then let it be...
    My Pro version works flawlessly and superbly, not needing any more rules and even catching once in a while some UDP or ARP attack that went past the router.
    (By the way, I wonder if, now that the firewall is dead, it's possible to legally run the Pro version in place of the free one.)

    My residual concern is about the PC with SPF (+ D-Link Router) which runs the considerable background traffic of Skype. Although I unchecked in Skype/Connections the option to use ports 80 and 443 as alternatives, as 'prescribed', I still guess there might be some other measure to take to reinforce security, perhaps.
    In the realm of Advanced or Application Rules, maybe.

    I've used Kerio 2.1.5 in the past and it gave me the impression of being stronger than SPF regarding the outgoing, perhaps because it was all configurable (just a conjecture), so at a certain point I tried to run Sygate Free with all the previous Kerio rules I used. I managed to accommodate about 18-20 of them and it was working really well. Maybe I'll try again with a view to the fact I have a Router now and privileging the watch on the outflow.
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    I run Skype too, and true, it generates a lot of traffic. Users' computers, if powerful enough, get to act as so-called supernodes in serving Skype's p2p traffic to other users.

    Nothing you can do about it in advanced rules. Wish SPF had selective logging and allowed excluding Skype connections. Traffic log fills up pretty fast, maybe in a couple of hours when otherwise more than a day in my usage.
    Allow only that specific port in SPF TCP and UDP inbound connections that you can read in Skype settings under Tools/Options/Connection. Either in the SPF application rule, or make advanced rules and disable 'Act as Server' in the application rule.

    Edit:
    Kerio 2.1.5 is in normal usage a packet filter and thus it has no ASK in all wide allow all ports so-called application rules in practice.
    Kerio 4.2.2 on the other hand has a powerful application control, but Kerio 4 is more unstable than SPF IMO.
     
    Last edited: Dec 14, 2005
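
A small model of the inbound restriction suggested in the post above, added here as an illustration and not part of the original thread: Skype may accept inbound TCP and UDP only on its configured listening port, and everything else falls through to the per-application 'Ask' prompt. The rule structure, the first-match evaluation order, the `skype.exe` name and the port number 40123 are assumptions for this sketch, not Sygate's actual rule format or the poster's settings.

```python
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 20       # advanced-rule limit for SPF mentioned in the thread
SKYPE_PORT = 40123   # constructed placeholder: use the port shown in Skype's connection options

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str               # "in" or "out"
    protocol: str                # "tcp", "udp" or "any"
    local_port: Optional[int]    # None matches any local port
    app: Optional[str] = None    # None matches any application

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["dir"]
                and self.protocol in ("any", pkt["proto"])
                and self.local_port in (None, pkt["lport"])
                and self.app in (None, pkt["app"]))

def build_ruleset(skype_port: int) -> list:
    """Hypothetical advanced rules: one inbound port for Skype, nothing else."""
    rules = [
        Rule("allow", "in", "tcp", skype_port, "skype.exe"),
        Rule("allow", "in", "udp", skype_port, "skype.exe"),
        # Catch-all for Skype must come last, or it would shadow the allows.
        Rule("block", "in", "any", None, "skype.exe"),
    ]
    if len(rules) > MAX_RULES:
        raise ValueError("rule set exceeds the 20-rule limit")
    return rules

def decide(rules: list, pkt: dict, default: str = "ask") -> str:
    """First matching rule wins (assumed); otherwise the application prompt applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

def evaluate_samples() -> list:
    """Run constructed sample packets through the rule set."""
    rules = build_ruleset(SKYPE_PORT)
    samples = [  # constructed packets, not taken from any real traffic log
        {"dir": "in", "proto": "tcp", "lport": SKYPE_PORT, "app": "skype.exe"},
        {"dir": "in", "proto": "udp", "lport": SKYPE_PORT, "app": "skype.exe"},
        {"dir": "in", "proto": "tcp", "lport": 443, "app": "skype.exe"},
        {"dir": "out", "proto": "tcp", "lport": 51000, "app": "skype.exe"},
        {"dir": "in", "proto": "tcp", "lport": SKYPE_PORT, "app": "other.exe"},
    ]
    return [decide(rules, pkt) for pkt in samples]
```

The inbound packet to port 443 is blocked even though Skype would otherwise listen there, and inbound traffic to the same port for a different application is not covered by the Skype allow rules.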
  6. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Thanks for reminding me about this, Jarmo; I did it, the rest you suggest was already done.

    Luckily the router relieves some of the burden caused by Skype, otherwise it would be tragic :) Unfortunately Sygate was nortonised before they had the chance to correct things like 'selective logging' and the always enabled 'Act as Server' in Applications! (2 of the 3 thorns of Sygate)
    Regarding Kerio, although I like 4.2 in principle, I can't forget that I made some experiments about two years ago using a 230 MHz-128 RAM notebook: on this laptop, which I had successfully used with Kerio 2.1.5, Sygate PF Free and even Sygate 5.5 Pro without any problem whatsoever, I tried to install Kerio 4.1... I tried twice in Windows and once in Safe Mode, but it wouldn't even install/start properly, such was the difference in resource consumption among the aforementioned!
    I have no difficulty believing you when you speak of Kerio being less stable than Sygate...
     