does anyone know how to configure proxy mode (my MWG is in virtual mode - ESX) for IM clients. I know how to configure it under transparent router mode (which is not supported anymore in 7.1.6. version under virtual environment) however I don't have a clue how to do it in Proxy. I enabled XMPP and Windows Live Messenger Proxy,... now what ?
Thanky for reply,
I am aware of the follwing options:
- Transparent modes (also includes intercepting only the IM port on a firewall)
- Use an IM Client that is able to use a IM proxy
- Rewrite DNS
In my examples I have always used the rewrite DNS option. It is required to find out which servers the IM client is talking to. I am not aware of a list, but at least for Live messenger I did some research in the past (see https://kc.mcafee.com/corporate/index?page=content&id=KB69000). You can rewrite by modifying the hosts file on a client PC for testing or (later in production) use the DNS used by your clients to deliver modified IP addresses for the IM server addresses.
At the moment the IM part is not documented very well. We are working on this topic at the moment.
I am aware of transparent mode (I also succesfully configured MSN), however it's not appropriate due to the fact that MWG is configured as proxxy. IM proxy is also not possible, so the only solution is to rewrite DNS. Here I have problems...
I configured IM logging in MWG and put login.live.com and messenger.hotmail.com in host file of my Win 7 machine. This solution worked fine. However it is not suitable for enterprise deployment so I tried to configured Microsoft DNS (Server 2008 R2). I created 2 new zones (login.live.com and messenger.hotmail.com) both with A record to MWGs IP. In this configuration MSN is not able to connect and I noticed some strange behaviour on MWG. MWG alerted with to many connections (25.000+) for IM client, with no connection.
Any suggestions ?
is there any news about documentation of IM ? There is a new MWG 7.2 version out there and the sections of IM in product guied are very short again.
Despite HTTP where a proxy is defined in the RFCs there is not really a thing like an MSN or XMPP proxy.
In this way the MWG instant messaging proxy is always transparent.
Enabling a proxy in an IM client often means "take IM packets, pack it somehow in HTTP stuff and send it to the HTTP proxy".
This mode is not supported by MWG.
The MSN IM traffic is send to messenger.hotmail.com (port 1863, MSN protocol).
The original client needs access to login.live.com (port 443, HTTPS protocol) to gain an access token that is used at the beginning of the MSN connection.
The connection to login.live.com is a bit touchy as the client never display a reasonable error message (e.g. cerificate error, block messages, login to MWG).
Thanks for the aclaration and for your time. But I think I'm not understanding well. I just need to view in the charts and tables tab, the graphic of MSN traffic. I have included a new ruleset form the libray 'IM Logging' and I did configure the user IM client with the proxy address and I don't see anything.