alkhaleej

How to block IM, P2P applications, Google Earth, multimedia contents from PIX 525 ver 7.0(6)

Hi Experts

I am really worried about the bandwidth usage by P2P applications. I need to block all P2P applications, messengers, YouTube, Metacafe, and proxy software from my PIX 525 ver 7.06. I need a way to block them, either by access-list or by any other available means. We don't have Websense or Blue Coat to block these things. I know I cannot achieve 100%, but to a certain extent I want to block these applications. Also, is there any way to block certain web sites? Please let me know.


lukeca

Well, if your clients are pointed to an internal DNS server, you can just set up DNS records that point those domains to a bogus IP address. For the major messaging apps you would set up bogus DNS records for:

messenger.hotmail.com -> msn messenger
login.oscar.aol.com -> aol messenger
msg.edit.yahoo.com -> yahoo messenger

Then just create bogus DNS entries for any websites you want to block.

This is what we do at our clients that have no other means of blocking.
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.

I use IPCOP with a block-outgoing-traffic add-in as our main router.
By default the add-in blocks everything.
You then have to open up the holes you want, like port 80, 21, 25, 110, 1723, etc.
It will run on any old machine you may have lying around, even a 486.
You can even limit access by IP or MAC.
I've been able to block all P2P applications.
MSN is a tough one to block because it defaults to port 80, which you need for web browsing.
It works great for me.

Are you still working on this? Can you close out this question before the cleanup crew gets around to it?
Thanks!

Hi,

For what it's worth, we successfully block YouTube flash videos with this policy-map (inspect type) for our clients that need it:


regex _videoflash "video/flv"

policy-map type inspect http http-no-flash
 parameters
  match response header content-type regex _videoflash
   drop-connection log

policy-map global_policy
 class inspection_default
  inspect http http-no-flash
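
Added example, not part of the post above and not Cisco code: a small offline check of which response Content-Type values the `video/flv` pattern from that policy-map would act on, useful before relying on the rule. The sample response heads are constructed, the function names are hypothetical, and it assumes the firewall regex matches anywhere in the header value, as Python's `re.search` does.

```python
import re

# Same pattern text as the `regex _videoflash "video/flv"` line in the post.
VIDEOFLASH = re.compile(r"video/flv")

# Constructed sample response heads (not captured traffic).
SAMPLE_RESPONSES = {
    "flv": "HTTP/1.1 200 OK\r\nContent-Type: video/flv\r\nContent-Length: 1024\r\n\r\n",
    "x-flv": "HTTP/1.1 200 OK\r\ncontent-type: video/x-flv\r\n\r\n",
    "mp4": "HTTP/1.1 200 OK\r\nContent-Type: video/mp4\r\n\r\n",
    "html": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n",
    "no-type": "HTTP/1.1 304 Not Modified\r\nDate: Thu, 01 Jan 2009 00:00:00 GMT\r\n\r\n",
}


def content_type(raw_head):
    """Return the Content-Type value from a raw HTTP response head, or ''."""
    for line in raw_head.split("\r\n")[1:]:      # skip the status line
        if not line:                             # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":   # header names are case-insensitive
            return value.strip()
    return ""


def verdict(raw_head, pattern=VIDEOFLASH):
    """'drop' if the pattern occurs in Content-Type (assumed unanchored), else 'allow'."""
    return "drop" if pattern.search(content_type(raw_head)) else "allow"


def audit(responses, pattern=VIDEOFLASH):
    """Map each sample name to the action the rule would take on it."""
    return {name: verdict(raw, pattern) for name, raw in responses.items()}


if __name__ == "__main__":
    for name, action in audit(SAMPLE_RESPONSES).items():
        print(f"{name:8s} {content_type(SAMPLE_RESPONSES[name]) or '-':28s} {action}")
```

Only the exact `video/flv` media type is dropped in this sample set; other video types pass unless the pattern is widened.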