Re: [fw-wiz] Blocking Video/Audio Streaming

The PIX is not just a packet filter. It is a stateful firewall which
keeps track of sessions, not just source and destination. Just source and
destination would be an example of a router access list. If you want to do
content filtering then look at the fixup command, which will interrogate the
actual packets themselves for certain protocols when enabled. Try fixup
protocol http and fixup protocol rtsp 80. If the fixup on rtsp doesn't work,
which it should, then the fixup on http when enabled will allow you to filter
URLs once you track them down (more tedious but doable). Also, if you have
the resources, invest in a reverse proxy. If you have a big user community
you are shooting yourself in the foot not having one. Enjoy.


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx on behalf of Mathew
Sent: Tue 5/23/2006 7:30 PM
To: 'Firewall Wizards Security Mailing List'
Subject: Re: [fw-wiz] Blocking Video/Audio Streaming


PIX can't as far as I know, as it is a packet filter only. It makes its
decision based on source and destination, not content, as it has (or at least
had) no application layer gateway (ALG) inspection ability. If you want to
control content like that you probably want to look at a proxy
server/firewall or content filter that is able to see if the traffic is in
fact HTTP or !HTTP and allow or deny based on this.

My best guess anyway......


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of R.
Sent: Tuesday, 23 May 2006 9:31 AM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] Blocking Video/Audio Streaming

Hi List,

Much of the streaming video/audio uses HTTP port 80 as
transport. Is it possible to block this type of traffic on
Cisco PIX/IOS FW? A sample config will really help me.

MMS and RTSP ports are already closed but I am still getting
large traffic through HTTP port 80.

firewall-wizards mailing list
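
Added example, not part of the original thread or of any Cisco product: a Python sketch of the decision a proxy or content filter makes on port 80 traffic, first "HTTP or !HTTP", then allow or deny on the media type. The media-type list, the `classify` function and the sample payloads are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive media types used for streaming over HTTP.
STREAMING_TYPES = {
    "application/x-mms-framed",          # Windows Media over HTTP
    "application/vnd.ms.wms-hdr.asfv1",  # Windows Media stream header
    "application/x-rtsp-tunnelled",      # RTSP tunnelled inside HTTP
}
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n")
HTTP_RESPONSE = re.compile(rb"^HTTP/1\.[01] \d{3}")

def parse_headers(payload):
    """Return header fields (lower-cased names) from the start of a payload."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers

def classify(payload):
    """Return (verdict, reason) for the first bytes of a TCP stream on port 80."""
    if not (HTTP_REQUEST.match(payload) or HTTP_RESPONSE.match(payload)):
        return ("deny", "not HTTP")
    headers = parse_headers(payload)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    # Policy assumption: any audio/* or video/* body is treated as streaming,
    # which also blocks plain media file downloads.
    if ctype in STREAMING_TYPES or ctype.startswith(("video/", "audio/")):
        return ("deny", "streaming content-type: " + ctype)
    if "application/x-rtsp-tunnelled" in headers.get("accept", "").lower():
        return ("deny", "RTSP-over-HTTP tunnel request")
    return ("allow", "ordinary HTTP")

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "web page": b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>",
    "wm stream": b"HTTP/1.0 200 OK\r\nContent-Type: application/x-mms-framed\r\n\r\n",
    "rtsp tunnel": b"GET /sw.mov HTTP/1.0\r\nAccept: application/x-rtsp-tunnelled\r\n\r\n",
    "raw rtsp": b"OPTIONS rtsp://example.test/a RTSP/1.0\r\nCSeq: 1\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, classify(payload))
```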