So after extensive testing I came to the conclusion that IMO (on Android mobile) keeps working even where the internet access is totally blocked.
My Topology
========
ISP Home Fibre Gateway ==> Untangle Transparent Bridge (2 NICs) ==> Tomato based Netgear Router/APs ==> Wired/Wireless Devices.
I am not using SSL Inspector - I am not sure whether it is mandatory in my intended scenario or not. As I understand I would have to manually import the certificate on a number of devices (50 plus including PC/Mobiles/TVs/Gaming Consoles/SmartHome IoT) - which is a rather tedious task I am putting off.
My Scenario - spanning across Policy - Firewall - Application Control
==========================================
Wanted to block access to certain identified devices (Mobile Phones by IP address) for complete internet blackout during the day except for an hour and a half.
So made a policy + rule like below - to identify and tag devices for this specific policy


Onwards I enabled the bare minimum apps I understood I would need to control access for internet blackout and controlling certain IM apps even when internet is available.
So added only the below apps - knowing that probably firewall and application control is all that I need.

Made the following firewall rule

In addition to the firewall - I wanted to control the IM apps (since I saw that firewall is unable to block - more on that later). So used application control as follows

Revelations
=======
After setting up the above - in my wee mind - I had conquered it all and achieved the holy grail of super fine grained control to what and what not can be done on my network - assuming the controls are working as desired.
I found out that on the target mobiles (devices) - when the policy time is active, the internet reachability is blocked (the Wifi Connection icon on the mobile shows a little cross symbol) plus no browser pages can be opened -- HOWEVER - the IMO + WhatsApp messaging apps on the mobile keep working - receiving and sending audio/video calls + messages. I am more focused on IMO.
I tried various modes of connection
1. One mobile on 5G and another on home network - IMO keeps working.
2. Both mobiles assigned to the restrictive policy - IMO keeps working.
3. Establishing an active call session minutes before policy restriction time comes in effect - to see if the call is disconnected - IMO keeps working.
In short despite internet browsing being blocked (not sure what other background services still work) - the IMO app keeps working.
Seems like firewall and application control are rendered useless to block this app - plus the firewall rule should block all and any kind of access to internet - as I understand.
Can anyone point me in the right direction if I am missing anything or there is any other way of blocking this/all such apps.
Thanks for your time and responses.