Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Blocking Gmail chat using InterScan Web Security Virtual Appliance (IWSVA)

    • Updated:
    • 30 Jul 2014
    • Product/Version:
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • N/A N/A
Summary
Block Gmail chat without prohibiting user access to their email accounts.
Details
Public
To block Gmail chat through IWSVA:
  1. On the IWSVA console, enable HTTPS Decryption.
  2. Under Communications and Search, select the Email category and save the policy.
  3. Go to Application Control > Policies, select a policy and set the action to "Block" for the Instant Messaging > Google chat
  4. Access your Gmail account.
    You will see the following error message when accessing Gmail chat:
    Unable to reach Gmail. Please check your internet connection or company's network settings.
    gmail chat error
To see if IWSVA actually blocked Gmail chat traffic, check the IWSVA packet capture and http log (verbose mode).
The sample packet capture screenshot below shows a failed Gmail chat connection.
block chat traffic
Note: Because the IWSVA deployment method used in this screenshot is transparent bridge mode, you could see that the client was directly connected to the IP address of Gmail chat.
The http log will show results similar to this:
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTP request -- method "CONNECT"  version "1.1"  URI "74.125.128.189:443"
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTPS: connect: https://*.mail.google.com:443/ : will be decrypt policy chceck:category 5
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Evaluating HTTPS Decrypting policy, pid = [3] rid = [6]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> CheckHTTPSDecryptPolicy: Categorization ID is 52
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTPS decrypt for URL [https://*.mail.google.com:443/]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Category is [52:Email]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> HTTPS traffic will be decrypted after force handshake, pState->m_bRequestClientCert: 0, pCCache->m_bTunnelClientCertConnection: 1
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Resign client cert for: MD5_i15f4BISQnKPpFq8UbYTAA__ status modified
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler for site: (null) is to be created
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler: error code is get as 0
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler construtor created, socket [274]
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> TmSecureHandler: error code is get as 0
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Get client handler, client_handler = 0xe85f63c8.
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Shakehand, client_handler = 0xe85f63c8.
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> [274] HandleIO returned TRANSACTION_TERMINATED\n
2012/11/09 22:18:25 GMT-03:00 <debug><8:18924:19005> Close server connection [276]
Note: 74.125.128.189 is the IP address of chatenabled.mail.google.com.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1095450
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.