Solved

bloking chat or website in pix

Posted on 2006-11-22
10
595 Views
Last Modified: 2013-11-16
hi
can i block chat like yahoo chat or hotmail chat in pix 525?
can i block website like www.oil.com or any website i want in pix 525


thanks
0
Comment
Question by:nasemabdullaa
  • 2
  • 2
  • 2
  • +4
10 Comments
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17995932
I don't think that's possible within the Pix firewall.

Short term - The quickest way is to modify your dns internally to have a zone entry for 'oil.com' pointing the request to a private IP scheme.

Long term - You may want to look at some web blocking software.

Ira @ KVR
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17995991
Does the pix 525 not allow you to block the ports normally used?



0
 

Author Comment

by:nasemabdullaa
ID: 17996050
hi
thanks for your reply
>>>You may want to look at some web blocking software.
can you gave me some title for this program

>>>Does the pix 525 not allow you to block the ports normally used
how i can block ports

thanks
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 16

Assisted Solution

by:AdamRobinson
AdamRobinson earned 25 total points
ID: 17996202
Not familiar with the Pix 525 myself, I was just assuming it had to be possible to block ports/websites, else I can't see what good it's worth dynamically.  But see this link:

http://www.velocityreviews.com/forums/t34557-pix-howto-restricting-ports-used-for-pat.html
0
 
LVL 7

Assisted Solution

by:killbrad
killbrad earned 25 total points
ID: 17996208
I don't think you can restrict a domain name in the PIX, Only IP Addresses..
For content filtering, use Squid Proxy w/ DansGuardian:

http://www.squid-cache.org/
http://dansguardian.org/
0
 

Author Comment

by:nasemabdullaa
ID: 17996314
hi
thanks for your reply
i want web filter for windows server 2003

thanks
0
 
LVL 1

Expert Comment

by:rpone605
ID: 17996713
it is possible to block ports in the pix with access lists
0
 
LVL 8

Assisted Solution

by:caddlady
caddlady earned 50 total points
ID: 18000224
0
 
LVL 5

Accepted Solution

by:
drawlin earned 150 total points
ID: 18000799
The PIX will block outgoing just as it will incomming traffic.  By default, most people only create an access-list for inbound traffic and all outbound is allowed.  You can create an access-list for outbound traffic, but be warned that you must make an entry for every allowed outgoing connection type.  Meaning, once you make the outbound access-list, you must make entries for http, https, ftp, smtp, pop, etc......  If your boss uses some program that talks on UDP port 5342, then you have to make an entry for that as well.  

In other words, it's possible but also labor intensive.  However, once you have the access-list created based on your company policy, you will be much more secure than you were not having an outbound access-list.  One huge payoff to having this access-list is that if a client gets some malware that talks on IRC or some higher port, it gets blocked.

As far as blocking a website, you can nslookup www.oil.com (195.149.84.100) to get the IP, then make an:
access-list inbound deny ip 195.149.84.100 any entry in the PIX.

So it's possible, but you may not want to spend the time required to make all the access-list rules and may opt for something with a content filtering subscription.
0
 
LVL 7

Expert Comment

by:killbrad
ID: 18014770
It is important to remember that millions of websites are multi-homed (which means many servers, using several dfferent ip addresses are load balanced), and that websites can (and do often) change their ip addresses.  This is quite a task to keep up once you get more than a couple sites setup in the PIX using IP addresses.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question