Re: Internet access
- From: "Mathieu CHATEAU" <gollum123@xxxxxxx>
- Date: Mon, 10 Dec 2007 11:50:26 +0100
I don't have pix anymore on the hand, but you may use some basic feature to achieve your goal.
I think you may add basic cisco authentification on the rule that allow http/https outside. If so, you may use local account on the pix, or use radius (IAS on the Windows server) to let them authenticate with their windows account.
As i don't have a pix on hand, and i was used to bigger one, it may not be possible.
--
Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr
"reptil" <c.reptil@xxxxxxxxx> wrote in message news:m33ql3hd8od2t4c9avb5voi2ig57ebnnks@xxxxxxxxxx
515E
Ok, :))), that is problem. If I restrict IE or firefox there is possibillity for download on all other ports.
This 2 people use a same computers like other 10 people in this room because we work in 3 shifts and this 2 people work just in 1st shift.
Now I have restricted IP's on PIX, so I'm finding new solution, but the best solution is as I think it is with proxy.
Thnx for advices
What is your pix model ? 501 ?
You may tweak IE with bad proxy through GPO (and firefox through a custom
ADM), but that won't stop bad guys (or people with more knowledge).
Does these 2 people have their own personal computers ? If so, you can
easily restrict by ip addresses.
.
- Follow-Ups:
- Re: Internet access
- From: reptil
- Re: Internet access
- References:
- Internet access
- From: reptil
- Re: Internet access
- From: Mathieu CHATEAU
- Re: Internet access
- From: reptil
- Re: Internet access
- From: Mathieu CHATEAU
- Re: Internet access
- From: reptil
- Internet access
- Prev by Date: Re: Internet access
- Next by Date: Re: Internet access
- Previous by thread: Re: Internet access
- Next by thread: Re: Internet access
- Index(es):
Relevant Pages
|
