How to block ssh and email attachements in zentyal

[Zent User]

I'm using zentyal2.2 as a my gateway,how can I implement following things in zentyal

    1. Need to block ssh
    2. How can restrict on email attachments size.For example,I've a account in gmail,then I can send mails with an attachment upto 1Mb after that I should allow user to upload more this size.

Thanks in advance

[christian]

I'm using zentyal2.2 as a my gateway,how can I implement following things in zentyal
1. Need to block ssh

If you look at nework services, there is already one for SSH.
You can them easily, in firewall, block this service for either access to Zentyal box or access to internet depending on your need that is not clear here.

    2. How can restrict on email attachments size.For example,I've a account in gmail,then I can send mails with an attachment upto 1Mb after that I should allow user to upload more this size.

We discussed this yesterday already isn't it 
I mean you can ask 01 times, until you specifit better your scenario or Zentyal add some new feature, it is very unlikely that answer changes 

[Zent User]

I've written rule for internal networks to block the ssh,even though I'm unable to block the ssh,where it is going wrong Mr.christian

[christian]

it look OK, at least from my seat.
When I apply same rule to prevent access to external web site (using its IP), it works.

What do you try to prevent exactly? I mean where is/are SSH servers you want to prevent access to?

[Zent User]

Suppose in my network two systems are there,whose ip#1:192.168.5.12 and ip#2:192.168.5.14.Currently ip#1 machine can be accessed by ssh from ip#2 machine and vice-verse.I want prevent this,then what should I do,at a time I want to log this events also.

[christian]

ouch !!!!    you can't so this with Zentyal neither any other system that will not be deployed between 192.168.5.12 and 192.168.5.14.
Communication between these 2 machines is direct.
If you want to control access to some machines, you could still "install" it on dedicated network segment and control access using Zentyal FW.

Hint: could be VLAN

[Zent User]

Why can't Zentyal won't control,here any how gateway is zentyal na.Zentyal DHCP itself assigning these IP's to the system.

[christian]

because once IP addresses are allocated, evne if you stop your Zentyal server, devices that are one same network segment can "see" each others and will not go through Zentyal server to communicate. This is that simple.

Or your network is not what I understand and you should explain further your design.

[Zent User]

At least is it possible to block ssh from internal network to external network,or you have any confusion here also !!!

Network Design : ISP--->Router---->Zentyal etho---->Zentyal eth1---->Switch--->Individual Systems

Anyhow thanks for your support