Re: can I use a PIX 515 to block URL's instead of using Websense?
From: SysAdm (wjones@sitesmith.com)Date: 06/04/02
- Next message: austin: "sygate and intel anypoint device"
- Previous message: Nix Geek: "Re: Small Office Firewall/VPN Recommendations?"
- In reply to: Hana: "can I use a PIX 515 to block URL's instead of using Websense?"
- Next in thread: Bob Whittier: "Re: can I use a PIX 515 to block URL's instead of using Websense?"
- Reply: Bob Whittier: "Re: can I use a PIX 515 to block URL's instead of using Websense?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "SysAdm" <wjones@sitesmith.com> Date: Mon, 3 Jun 2002 22:47:39 +0000 (UTC)
the pix isnt really built for URL blocking, which is why products such as
websense are out there. cisco themselves recommend this product to work in
conjunction with the pix (as do other firewall manufacturers)
add the following code to your pix in order for it to utilise url filtering.
in this example, you have defined a server named filter-server which sits in
the security20 segment, with an address of 192.168.10.1 -- the idle time
specifies how long to wait for the server before switching to the next
websense server (which you need to define...)
filter-server (security20) 192.168.10.1 timeout 5
filter url http 0 0 0 0 allow
Security is a many headed beast, which requires the application of many
techniques in order to combat unwanted traffic and/or intrusion attempts.
Trying to get a firewall to do a job it wasnt made for is a recipe for
failure from inception.
SysAdm
"Hana" <hanafubuki@email.com> wrote in message
news:5244c69b.0206031251.eb5920e@posting.google.com...
> Our company purchased Private I with our PIX 515 to monitor http
> traffic. It is satisfactory. Unfortunately, Private I does not
> provide URL blocking. We have been advised to buy Websense, or
> something similar. Websense will duplicate the reporting we purchased
> in Private I, and our blocking needs are small.
>
> Understanding that it may both be a lot of work, and not generate user
> friendly error messages to the client, is there something inherently
> wrong with blocking the IP addresses of the URL hosts on the firewall
> itself instead of using a product like Websense?
>
> Thank you in advance for your help.
>
> Hana
- Next message: austin: "sygate and intel anypoint device"
- Previous message: Nix Geek: "Re: Small Office Firewall/VPN Recommendations?"
- In reply to: Hana: "can I use a PIX 515 to block URL's instead of using Websense?"
- Next in thread: Bob Whittier: "Re: can I use a PIX 515 to block URL's instead of using Websense?"
- Reply: Bob Whittier: "Re: can I use a PIX 515 to block URL's instead of using Websense?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
