Re: [fw-wiz] Cisco ASA 5510 and proxy server detection

On 2/7/06, Aaron Smith <smitha@xxxxxxxx> wrote:
> On Tue, 2006-02-07 at 06:05 -0800, John Madden wrote:
>
> > Is there a way to NOT permit users from the inside to
> > connect to a proxy server on the outside and bypass
> > the Web filtering software?
> >
> > Thank you
>
> Fight fire with fire. Force all users to use an internal proxy and only
> allow that proxy out. Deny the rest.
>
>
> @@ron Smith <smitha@xxxxxxxx>
> Network Operations
> Brigham Young University Idaho
>
> firewall-wizards mailing list

Aaron, I'm not fluent on the 5510 per se, but if you are
authenticating to an external AAA server such as a RADIUS server, you
might be able to set up downloadable ACLs and tie them to the users
who are to be denied Internet access.

The ACLs would permit traffic only to and from your internal network,
so if they tried to head into the wild they'd get denied - period.



"The Lord bless you and keep you;
The Lord make His face to shine upon you,
And be gracious to you;
The Lord lift up His countenance upon you,
And give you peace."
- Num. 6:24-26
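
Added example (not part of the original thread and not code from either poster): once egress is limited to the internal proxy and everything else is denied, the ASA's ACL-deny syslog messages (106023) show which inside hosts are still attempting direct outbound connections. The proxy address, the ACL names, the inside/outside interface names and the log lines below are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: address of the internal proxy, the only host allowed out.
INTERNAL_PROXY = "10.1.1.10"

# ASA syslog 106023 = packet denied by an ACL applied with access-group.
DENY_RE = re.compile(
    r"%ASA-4-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+).*? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

# Constructed sample lines (documentation addresses, hypothetical ACL names).
SAMPLE_LOG = """\
Feb 07 2006 09:14:02: %ASA-4-106023: Deny tcp src inside:10.1.1.25/51234 dst outside:203.0.113.5/3128 by access-group "inside_out" [0x0, 0x0]
Feb 07 2006 09:14:05: %ASA-4-106023: Deny tcp src inside:10.1.1.25/51240 dst outside:198.51.100.7/8080 by access-group "inside_out" [0x0, 0x0]
Feb 07 2006 09:14:09: %ASA-4-106023: Deny tcp src inside:10.1.1.25/51241 dst outside:203.0.113.5/3128 by access-group "inside_out" [0x0, 0x0]
Feb 07 2006 09:15:30: %ASA-4-106023: Deny tcp src inside:10.1.1.40/40112 dst outside:203.0.113.5/443 by access-group "inside_out" [0x0, 0x0]
Feb 07 2006 09:15:31: %ASA-4-106023: Deny udp src inside:10.1.1.40/53011 dst outside:198.51.100.53/53 by access-group "inside_out" [0x0, 0x0]
Feb 07 2006 09:16:00: %ASA-4-106023: Deny tcp src outside:192.0.2.99/4455 dst inside:10.1.1.25/445 by access-group "outside_in" [0x0, 0x0]
Feb 07 2006 09:16:10: %ASA-6-302013: Built outbound TCP connection 7001 for outside:198.51.100.80/80 (198.51.100.80/80) to inside:10.1.1.10/33100 (192.0.2.1/33100)
"""


def bypass_attempts(log_text, proxy=INTERNAL_PROXY):
    """Map each inside host to the outside (ip, port) pairs it was denied.

    Only denied TCP connections from inside to outside are counted, and the
    proxy itself is skipped, so what remains is traffic that tried to leave
    the network without going through the proxy.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny (e.g. 302013 connection built)
        if m["src_if"] != "inside" or m["dst_if"] != "outside":
            continue  # inbound deny, unrelated to proxy bypass
        if m["proto"] != "tcp" or m["src_ip"] == proxy:
            continue
        hits[m["src_ip"]].add((m["dst_ip"], int(m["dst_port"])))
    return {host: sorted(dsts) for host, dsts in hits.items()}


if __name__ == "__main__":
    for host, dsts in sorted(bypass_attempts(SAMPLE_LOG).items()):
        print(host, dsts)
```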