6 Replies Latest reply: Oct 31, 2012 2:10 PM by jsanchez RSS

    Block Google Chat, MWG (13603)


      Good morning.  Is there a way to block Google Chat, but allow Google Mail?  I saw something about a XMPP proxy, but did not see much elaboration on it.  Thanks!

        • 1. Re: Block Google Chat, MWG (13603)



          The xmpp proxy is if you want jabber (google talk) to go through the web gateway out to the internet and do logging/filtering. It is not necessary to simply block the protocol (you can do that at the firewall level).


          Are you trying to block gmail chat inside of gmail? If so, simply block the host chatenabled.mail.google.com




          • 2. Re: Block Google Chat, MWG (13603)

            While that will work specifically for gchat, it's a bit of a wack a mole approach that we administrators aren't all that fond of. :-)


            jsanchez, in the Category content filter rules you have,  block the Messaging category but allow the Web Mail category.


            If your experience mirrors mine, it'll do exactly what you want, across all the web mail solutions.   


            This presupposes of course you don't allow third party chat clients (such as trillium or pidgin) to get directly out to the internet and get around your proxy.  This involves having egress rules on your firewall that only allow your dns,  email and web proxy servers to go outbound.   That way you'll block any third party clients for chat as well as the built in chat in the mail.google.com site.

            • 3. Re: Block Google Chat, MWG (13603)

              Ok, I blocked *talk.google.com, *chateenabled.mail.google.com, and *google.com/talk/* (this one does not seem to be working correctly...I can still get to www.google.com/talk) and that seems to have worked...Thanks for your help.

              • 4. Re: Block Google Chat, MWG (13603)

                I think you could've done it far more easily/cleanly by just blocking the category "Messaging."  Otherwise you're just playing chat wackamole.

                • 5. Re: Block Google Chat, MWG (13603)

                  Alternate/complementary solution -- configure DNS server used by MWG to be authoritative for chatenabled.mail.google.com, talk.google.com and talkx.l.google.com and return a non-existant IP address as the destination. Then configure MWG to block that IP address and category Instant Messaging. www.google.com/talk will get nailed by the Instant Messaging block and the rest of them will be blocked via DNS. If you don't want to block all Instant Messaging, block URL matches *www.google.com/talk*

                  • 6. Re: Block Google Chat, MWG (13603)

                    I created a rule to block chatenabled.mail.google.com and talk.google.com...worked great.

                    For testing, I created an alternate rule to block the entire IM category...worked great as well. (Thanks for your help, Community!!)


                    However, the jabber google talk client is not being blocked.  I know there is a way to proxy/block XMPP traffic for these clients.  I found the setting under Configuration --> Proxies --> XMPP.  For the listener IP, is listed.  Do I just change the IP to the MWG appliance and will that automatically inspect/block the traffic or is there more to it? I'm guessing this will block all jabber clients...can you just specify the Google Talk one? Thanks for your help!