FortiGate
Article Id 191133
Description
Blocking iChat communications.
Components
  • FortiGate 2.8 - all units
  • iChat and iChat AV
Steps or Commands

You can control iChat communications by blocking or allowing the ports iChat uses when transmitting information.

iChat AV traffic uses UDP except for ports 5190 and 5298, which are used for both TCP and UDP traffic. For details on the ports iChat uses, see the Apple Support article Using iChat AV with a firewall or NAT router.

To control iChat communications, add a new Service entry to the FortiGate unit and add a firewall policy to deny the service.

To create iChat services

  1. Go to Firewall>Service>Custom.
  2. Select Create New.
  3. Enter the name of the service.
  4. Select UDP as the protocol.
  5. Specify the Source Port number range by entering the low and high port numbers. For a single port number, enter this number in both the low and high fields.
  6. Specify the Destination Port number range by entering the low and high port numbers. For a single port number, enter this number in both the low and high fields.
  7. Select OK.
  8. Repeat for TCP ports. You can add as many as required.

Because iChat uses UDP and TCP ports, create a Service Group, and include all iChat services for the various ports.

To create a service group

  1. Go to Firewall>Service>Group.
  2. Select Create New.
  3. Enter the group name.
  4. Add the iChat services from the Available Services and move them to the Members column.
  5. Select OK.

Add a firewall policy for the iChat service group to control communications through this service.

To add a firewall policy

  1. Go to Firewall>Policy.
  2. Select Create New.
  3. Configure the Source, Destination and Schedule.
  4. Select the iChat service group.
  5. Select the Action as Deny or Accept.
  6. Select OK.
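
The three procedures above (custom services, service group, deny policy) expressed as a CLI script. This is an added example, not part of the original article, and it uses the CLI syntax of later FortiOS releases, which may differ from the FortiGate 2.8 CLI this article targets. The service names, group name and interface names (internal, wan1) are hypothetical, and only the two ports named in this article are shown; the remaining ports from the Apple Support article are added the same way.

```text
# Added example: names and interfaces are assumptions, not values from the article.
# Ports 5190 and 5298 carry both TCP and UDP, so each gets both port ranges.
config firewall service custom
    edit "iChat-5190"
        set tcp-portrange 5190
        set udp-portrange 5190
    next
    edit "iChat-5298"
        set tcp-portrange 5298
        set udp-portrange 5298
    next
end

# Collect every iChat service into one group so a single policy covers them.
config firewall service group
    edit "iChat-Group"
        set member "iChat-5190" "iChat-5298"
    next
end

# Deny policy for the group. "edit 0" creates the policy with the next free ID.
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "iChat-Group"
        set action deny
        set logtraffic all
    next
end
```

Policies are matched top-down, so the deny policy must sit above any broader accept policy for the same source and destination or it will never be hit.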

Note: iChat users can also communicate with AIM users. For further control, you can also prevent or allow AIM communications.

To block AIM users

  1. Go to IPS>Signature.
  2. Scroll to the IM signatures and select the blue arrow to expand the list.
  3. Select Edit for AIM.
  4. Select Drop for the Action.
  5. Select OK.

Note: You need to enable the signature in a protection profile, which you can select within the aforementioned firewall policy.

For more information on Firewall policies and protection profiles, see the FortiGate Administration Guide.