Re: [fw-wiz] Cisco ASA 5510 and proxy server detection



On 2/7/06, Aaron Smith <smitha@xxxxxxxx> wrote:
> On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
> > Hi,
> >
> > Is there a way to NOT permit users from the inside to
> > connect to a proxy server on the outside and bypass
> > the Web filtering software?
> >
> > Thank you
>
> Fight fire with fire. Force all users to use an internal proxy and only
> allow that proxy out. Deny the rest.
>
> ________________________________________________________________________
>
> @@ron Smith <smitha@xxxxxxxx>
> Network Operations
> Brigham Young University Idaho
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@xxxxxxxxxxxxxxxxxx
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


Aaron, I'm not fluent on the 5510 per se; but if you are
authenticating to an external AAA server such as a RADIUS server you
might be able to set up downloadable ACLs and tie them to the users
who are to be denied Internet access.

The ACLs would permit traffic only to and from your internal network;
so if they tried to head into the wild they'd get denied - period.

Regards,
nick

--



"The Lord bless you and keep you;
The Lord make His face to shine upon you,
And be gracious to you;
The Lord lift up His countenance upon you,
And give you peace."
- Num. 6:24-26