I'm trying to restrict Remote access, IM and p2p at work through the CSM section on the router

I can add what I need in IM/P2P Filter Profile Table OK, then I try to add a block if not further match rule in the filter setup of the firewall section the section is greyed out and I can only allow IM/P2P Filter entry and not restrict it.

The only way I can find of restricting the IM/P2P profile I've created is in the general setup of the firewall section but this then applies to the entire network. This would be ok if I could then allow selective PC's through but when I create an allow rule in the filter setup this just doesnt work.

Has anyone manage to get this working, please help.

have a look at this post:
http://www.forum.draytek.co.uk/viewtopic.php?t=12656

louis-m wrote: have a look at this post:
http://www.forum.draytek.co.uk/viewtopic.php?t=12656

Thanks Louis but that thread is about url filtering on a 2820. Is the firmware not different on my 2950? as some of the options mentioned dont appear on my router, I'm running the latest firmware available on the UK site.

principle is the same. you need to have a pass rule for an ip group in order for the csm filters to work.

louis-m wrote: principle is the same. you need to have a pass rule for an ip group in order for the csm filters to work.

Thats my problem, I add an allow rule for the test computer but I cannot get it to work.

To test I've started with blank filter rules. I have created a profile and added it to the general setup in the firewall to block all remote access with 'LogMeIn' This block works on the entire network. I now try to add an allow rule in the filter setup that allows 'LogMeIn' to my test computer but it will not work. I get the following on syslog

[CSM] Blocked LogMeIn, 77.242.193.145:443 -> 192.168.1.177:3235, PR tcp -AP

My local test computer is 192.168.1.177
I have tried both Lan to Wan and Wan to Lan without success.

Do you have any more suggestions please?

ok....
to secure the network totally, you make a "block if no further match" first in the list of firewall rules with everything set as "any"
that will block everything.
next you do an allow rule, that will allow whatever network you specify to pass. if you put a csm rule in there, it is generally to block. check whether your csm profiles are set to block or allow.