
Where to control access to outside transports (MSN etc.)

Hello. I have installed the Enterprise plugin demo and the license key as required. I’m using Gaim/Pidgin as a client. This works fine, but the client is able to connect at will to any outside IM network available. I do not see anywhere in the Server that I can restrict or control these external connections. Please help, this is very important. I cannot use the software if we cannot control access.

I would like to know how to control which users may access which external networks. I haven’t seen any documentation about this, or any menus in the Server that relate to this. If somebody can please point me in the right direction…

Sincerely,

Christian

Vervata Co. Ltd.

The problem is you are using Gaim/Pidgin. That software does not require any gateways on the Openfire server to access the extra services. That is one of the benefits of using Spark. It requires the gateway plugin to access those services, which can be regulated in the Openfire server admin.

Well, ok…but that means that anyone with a client capable of making outside connections can do that? The server cannot control what connections the client requests it to make?

That doesn’t make a lot of sense to me. Also Gaim is free, but there are also other clients that could be used to get around the Server controls as well, if they can’t be blocked at the server level.

So I believe it’s possible to block Gaim from connecting as a client at least. What I need is something that will absolutely allow only connections the server is set to allow, and only to certain users we grant that access to. In the screen shots for Enterprise, I see configurations for setting controls on what networks are allowed. Where would I find that? I don’t see how that is related to the client being used, I can’t find the access controls for that.

Is it possible to restrict who can access what networks, and not allow any back door entry by rogue clients on the internal LAN? If not, there is no security at all.

Please help,

Christian

Okay, looking at the screen shots again, I think what I am missing in the Server Admin is the section called GATEWAY SETTINGS. Why don’t I see that? Where can I find that?

Christian

I would suggest that you remove any unwanted client applications from the user machines. Not to preach, but a system admin should control what software is or is not on a system on their network. This is the vital first step. If you are a Windows world, use group policy to disable any other clients from running; a Mac world can do the same thing with the Workgroup Manager.

Gaim/Pidgin connects directly to AOL, MSN, Yahoo, IRC, Google, etc. There is no way to stop that function except with a router. In order to control the access to gateways on a client you need a client that does not support direct connect to those services (Spark). You also need to install the gateway plugin on the openfire server. This is not an enterprise feature, this is an opensource feature (for now).

Spark is a free client as well. Many clients do direct connect to services because they do not pair a server with the product. Spark is a complement to the Openfire server. They are designed around each other. Their features are interdependent to a point. Sure, you can connect with any Jabber client to Openfire, but you will not get all the benefits of the server at your disposal.

Did you get the gateways setup via the plug-ins screen in the OpenFire Admin console? Depending on the version of OpenFire, you might have to restart the service to get the plugin to be fully installed.

I agree with mtstravel that you need to only allow the Spark client on your client machines. If you are using this in an enterprise environment, you should be able to request for the other IM protocols to be shut down on your network except for the server running OpenFire. That one will need to have access to those ports. That should effectively close all your network holes and force your users to log in to the server.
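
The egress filtering suggested in the last reply can be sketched as follows. This is an added example, not part of the thread and not Openfire's own tooling: it prints, for review, iptables rules that let only the Openfire host reach the external IM ports and that log and reject every other LAN host. The port list (commonly documented defaults), the interface name `eth1` and the address `10.0.0.5` are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables egress rules for a LAN gateway.
# The ports are commonly documented defaults and are assumptions, not values
# from the thread; adjust them to the gateways you actually enable.
IM_PORTS="1863,5050,5190,5222,5223,6667"  # MSN, Yahoo, AIM/ICQ, XMPP, XMPP-SSL, IRC

# valid_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_im_egress_rules SERVER_IP [LAN_IF]: write the rule set to stdout.
emit_im_egress_rules() {
    server_ip=$1
    lan_if=${2:-eth1}    # hypothetical LAN-facing interface name
    if ! valid_ipv4 "$server_ip"; then
        echo "error: '$server_ip' is not an IPv4 address" >&2
        return 2
    fi
    cat <<EOF
# 1. The Openfire host may reach the external IM networks.
iptables -A FORWARD -i $lan_if -s $server_ip -p tcp -m multiport --dports $IM_PORTS -j ACCEPT
# 2. Log any other LAN host that tries, so rogue clients can be located.
iptables -A FORWARD -i $lan_if -p tcp -m multiport --dports $IM_PORTS -j LOG --log-prefix "IM-DIRECT-BLOCKED "
# 3. Refuse the connection.
iptables -A FORWARD -i $lan_if -p tcp -m multiport --dports $IM_PORTS -j REJECT --reject-with tcp-reset
EOF
}

# Constructed sample values: Openfire host 10.0.0.5 behind interface eth1.
emit_im_egress_rules 10.0.0.5 eth1
```

Rule order matters: the ACCEPT for the server must precede the LOG and REJECT rules. Port rules do not cover a client that tunnels over ports 80/443, so they work alongside the software restrictions described earlier in the thread rather than replacing them.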