Re: [fw-wiz] Blocking Video/Audio Streaming



-----Original Message-----
Subject: [fw-wiz] Blocking Video/Audio Streaming

Many of the streaming video/audios uses http port 80 as transport, It is
possible to
block this type of traffic on Cisco PIX/IOS FW? a sample config will
really help me.

The HTTP fixup doesn't allow you to deny a/v streams or files over HTTP on
its own. You may be able to add an additional system (like a content filter
or and IDS) that can leverage the PIX to block the connection once it is
properly identified. Part of the problem is that you have a pretty big set
of detection factors for this stuff inside of the HTTP headers. Maybe MIME
type for some things, URL regex for others, and User-Agent for the rest.
PIX can't do that on its own.

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • PIX Firewalls cut-through proxy
    ... Cisco PIX handles HTTP connections? ... Cisco http connection management is as follows: ... In User Service and policy is checked, the PIX Firewall shifts ...
    (Security-Basics)
  • Re: help - PIX translation and ports question
    ... I would tend to doubt that RPC over HTTP would solve the issues ... VPN, such as is possible with the PIX 515/515E, PIX 525, PIX 535, ... That would, though, require that your LAN be an extension ...
    (comp.dcom.sys.cisco)
  • Re: [fw-wiz] (no subject)
    ... The http and https were done on the same machine, same user, same ... What specifically leads you to believe that it's the PIX at fault? ... > administrator or a member of the Administrators group. ... > is connected to a network, network policy settings may also prevent you ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Blocking Video/Audio Streaming
    ... You absolutely can do this by integrating your PIX with a product like Websense. ... PIXs natively support integration with Websense. ... The HTTP fixup doesn't allow you to deny a/v streams or files over HTTP on ...
    (Firewall-Wizards)
  • turnting on http inspection on a PIX
    ... I have a PIX 515 running 7.04. ... on http inspection. ... Documentation on the Cisco web site led me to ...
    (comp.dcom.sys.cisco)