Solved

bloking chat or website in pix

Posted on 2006-11-22
10
598 Views
Last Modified: 2013-11-16
hi
can i block chat like yahoo chat or hotmail chat in pix 525?
can i block website like www.oil.com or any website i want in pix 525


thanks
0
Comment
Question by:nasemabdullaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +4
10 Comments
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17995932
I don't think that's possible within the Pix firewall.

Short term - The quickest way is to modify your dns internally to have a zone entry for 'oil.com' pointing the request to a private IP scheme.

Long term - You may want to look at some web blocking software.

Ira @ KVR
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17995991
Does the pix 525 not allow you to block the ports normally used?



0
 

Author Comment

by:nasemabdullaa
ID: 17996050
hi
thanks for your reply
>>>You may want to look at some web blocking software.
can you gave me some title for this program

>>>Does the pix 525 not allow you to block the ports normally used
how i can block ports

thanks
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 16

Assisted Solution

by:AdamRobinson
AdamRobinson earned 25 total points
ID: 17996202
Not familiar with the Pix 525 myself, I was just assuming it had to be possible to block ports/websites, else I can't see what good it's worth dynamically.  But see this link:

http://www.velocityreviews.com/forums/t34557-pix-howto-restricting-ports-used-for-pat.html
0
 
LVL 7

Assisted Solution

by:killbrad
killbrad earned 25 total points
ID: 17996208
I don't think you can restrict a domain name in the PIX, Only IP Addresses..
For content filtering, use Squid Proxy w/ DansGuardian:

http://www.squid-cache.org/
http://dansguardian.org/
0
 

Author Comment

by:nasemabdullaa
ID: 17996314
hi
thanks for your reply
i want web filter for windows server 2003

thanks
0
 
LVL 1

Expert Comment

by:rpone605
ID: 17996713
it is possible to block ports in the pix with access lists
0
 
LVL 8

Assisted Solution

by:caddlady
caddlady earned 50 total points
ID: 18000224
0
 
LVL 5

Accepted Solution

by:
drawlin earned 150 total points
ID: 18000799
The PIX will block outgoing just as it will incomming traffic.  By default, most people only create an access-list for inbound traffic and all outbound is allowed.  You can create an access-list for outbound traffic, but be warned that you must make an entry for every allowed outgoing connection type.  Meaning, once you make the outbound access-list, you must make entries for http, https, ftp, smtp, pop, etc......  If your boss uses some program that talks on UDP port 5342, then you have to make an entry for that as well.  

In other words, it's possible but also labor intensive.  However, once you have the access-list created based on your company policy, you will be much more secure than you were not having an outbound access-list.  One huge payoff to having this access-list is that if a client gets some malware that talks on IRC or some higher port, it gets blocked.

As far as blocking a website, you can nslookup www.oil.com (195.149.84.100) to get the IP, then make an:
access-list inbound deny ip 195.149.84.100 any entry in the PIX.

So it's possible, but you may not want to spend the time required to make all the access-list rules and may opt for something with a content filtering subscription.
0
 
LVL 7

Expert Comment

by:killbrad
ID: 18014770
It is important to remember that millions of websites are multi-homed (which means many servers, using several dfferent ip addresses are load balanced), and that websites can (and do often) change their ip addresses.  This is quite a task to keep up once you get more than a couple sites setup in the PIX using IP addresses.
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question