Solved

Blocking hosts using a PIX501

Posted on 2006-11-01
1
234 Views
Last Modified: 2010-04-09
what command (if any) could I use to block ad hosts such as doubleclick.net and atdmt.com in my PIX 501. I have a whole list of hosts to block already.. I just wanted to get the correct command to do so.
0
Comment
Question by:Bill Warren
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17854532
You cannot block hosts by dns domain name, only by IP address. you would have to use nslookup to resolve doubleclick.net and atdmt.com to IP addresses, then create a blocking acl in the pix:

Name:    doubleclick.net
Address:  216.73.92.112

Name:    www.atdmt.com
Address:  12.130.62.126

access-list deny_outbound deny ip any host 216.73.92.112
access-list deny_outbound deny ip any host 12.130.62.126
access-list deny_outbound permit ip any any
access-group deny_outbound in interface inside
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question